On Fri, Jun 13, 2003 at 07:07:53AM +0800, =?iso-8859-9?B?c2V5eWlkIGFsaSB5/GtzZWw= ?= wrote: > Also is it a good idea to implement AES instead of crypt() ? This should have been your very first question, and the answer is "no". It is primarily not the choice of an underlying cryptographic primitive which makes a good or a bad password hashing function. It is possible to do better with DES than AES and vice versa. No reasonable password hashing function uses a message digest algorithm (such as MD5) or a block cipher (such as DES, Blowfish, or AES) as-is, they build upon cryptographic primitives like these. And the properties most relevant to password hashing are introduced in such higher-level algorithms. crypt(3) has never been just DES, MD5, or Blowfish. It merely uses these as building blocks. You may find an implementation of a modern password hashing method here: http://www.openwall.com/crypt/ It's based around the Blowfish block cipher, but like I've already mentioned it's primarily not Blowfish which makes it a good choice. Also linked from that web page is a paper on the algorithm used and on its properties compared to other popular alternatives. -- Alexander Peslyak <solar@xxxxxxxxxxxx> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
