Mike Jackson wrote:
Richard Megginson wrote:Del wrote:Rich Megginson wrote:We hope to have another binary release by the end of the week. We've just got a couple of bug fixes to go.Hi Rich, <prod>! http://directory.fedora.redhat.com/wiki/Download has pointers to new releases (Fedora Directory Server 1.0) but the links all give me 404's. So are we getting closer to that binary release?Closer . . .You do realize that MD5 has been _fully_ broken now, don't you? And I'm not talking about dictionary attacks; I'm talking about a fast mathematical attack vector on the algorithm itself.An interesting demonstration here: http://www.doxpara.com/?q=node&from=10 Collision generators here: http://www.stachliu.com/collisions.html The new and improved collision generator: http://www.stachliu.com/md5coll.c "Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour" - out of reach for most people "New average run time on P4 1.6ghz PC - 45 minutes" - within reach for nearly everyone Now, storing md5 doesn't seem much safer than storing crypt.
That's why cert based auth is the best way to go. But in the meantime, the next release of FDS will support SHA-256, SHA-384, and SHA-512 password hashing.
-- mike -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
