use SHA1 or SHA256 instead of MD5 for /etc/shadow ? - Security



  1. use SHA1 or SHA256 instead of MD5 for /etc/shadow ?


    With rainbow tables for MD5 now available out there, is it possible to
    use SHA1 or SHA256 instead of MD5 in /etc/shadow? If not, is somebody
    working on it?


  2. Re: use SHA1 or SHA256 instead of MD5 for /etc/shadow ?

    On Sun, 27 Jan 2008 05:01:53 GMT, Reid Fleming wrote:
    >
    > With rainbow tables for MD5 now available out there, is it possible to
    > use SHA1 or SHA256 instead of MD5 in /etc/shadow? If not, is somebody
    > working on it?


    Since you refer to /etc/shadow, you're probably talking about
    Unix or Linux login, in which case your system is almost certainly
    using salt, in which case rainbow tables are not a concern.

    --
    To email me, substitute nowhere->spamcop, invalid->net.

  3. Re: use SHA1 or SHA256 instead of MD5 for /etc/shadow ?

    Peter Pearson writes:

    >On Sun, 27 Jan 2008 05:01:53 GMT, Reid Fleming wrote:
    >>
    >> With rainbow tables for MD5 now available out there, is it possible to
    >> use SHA1 or SHA256 instead of MD5 in /etc/shadow? If not, is somebody
    >> working on it?


    >Since you refer to /etc/shadow, you're probably talking about
    >Unix or Linux login, in which case your system is almost certainly
    >using salt, in which case rainbow tables are not a concern.


    Furthermore, unix/linux does not use a straight md5 hash. It uses a god
    awful mixture of things, including md5 many many times, but other mangling
    as well, including salts.

    Substituting in straight SHA1 is liable to make it worse not better.

    >--
    >To email me, substitute nowhere->spamcop, invalid->net.


  4. Re: use SHA1 or SHA256 instead of MD5 for /etc/shadow ?

    Unruh wrote:
    > Peter Pearson writes:
    >
    >> On Sun, 27 Jan 2008 05:01:53 GMT, Reid Fleming wrote:
    >>> With rainbow tables for MD5 now available out there, is it possible to
    >>> use SHA1 or SHA256 instead of MD5 in /etc/shadow? If not, is somebody
    >>> working on it?

    >
    >> Since you refer to /etc/shadow, you're probably talking about
    >> Unix or Linux login, in which case your system is almost certainly
    >> using salt, in which case rainbow tables are not a concern.

    >
    > Furthermore, unix/linux does not use a straight md5 hash. It uses a god
    > awful mixture of things, including md5 many many times, but other mangling
    > as well, including salts.
    >
    > Substituting in straight SHA1 is liable to make it worse not better.


    To see the method used by the shadow suite see:

    http://www.hccfl.edu/pollock/AUnix3/...m#MD5passwords

    Note you can use SHA-X (where X=256, 384, or 512) if you want using
    the same mechanism as is used for MD5. This might make your
    system marginally more secure. But practically speaking, MD5
    is likely to be adequate protection for many years to come.

    -Wayne
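
The salt and repeated-hashing points made in the replies above can be checked on a system by reading the scheme id, salt and iteration count out of each shadow entry. The following is an added example, not code from any poster in this thread; the sample entries are constructed with placeholder hashes, and the function names are hypothetical.

```python
# Added example: report the crypt(3) scheme, salt and iteration count of
# each shadow entry. SAMPLE is constructed; its hashes are placeholders.
from collections import defaultdict

# scheme id -> (name, default iterations); md5-crypt is fixed at 1000
SCHEMES = {"1": ("MD5-crypt", 1000), "5": ("SHA-256-crypt", 5000),
           "6": ("SHA-512-crypt", 5000)}

SAMPLE = """\
root:$6$rounds=100000$Qx7saltAAAA$PLACEHOLDER:13905:0:99999:7:::
alice:$1$a1b2c3d4$PLACEHOLDER:13905:0:99999:7:::
bob:$1$a1b2c3d4$PLACEHOLDER2:13905:0:99999:7:::
carol:$5$zz99yy88$PLACEHOLDER:13905:0:99999:7:::
dave:ab0123456789A:13905:0:99999:7:::
daemon:*:13905:0:99999:7:::
"""

def classify(field):
    """Return (scheme, salt, rounds) for one password field."""
    if field == "" or field[0] in "!*":
        return ("no-login" if field else "empty", None, None)
    if not field.startswith("$"):
        # Traditional DES crypt: 13 characters, the first two are the salt.
        return ("DES-crypt", field[:2], None) if len(field) == 13 else ("unknown", None, None)
    ident, *rest = field.split("$")[1:]   # id, optional rounds=N, salt, hash
    if ident not in SCHEMES:
        return ("unknown", None, None)
    name, rounds = SCHEMES[ident]
    if ident != "1" and rest and rest[0].startswith("rounds="):
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        return ("unknown", None, None)
    return (name, rest[0], rounds)

def audit(text):
    """Map each user name to its (scheme, salt, rounds) tuple."""
    rows = (line.split(":") for line in text.splitlines() if ":" in line)
    return {row[0]: classify(row[1]) for row in rows}

def shared_salts(text):
    """Return {(scheme, salt): [users]} for salts used by more than one account."""
    by_salt = defaultdict(list)
    for user, (scheme, salt, _) in audit(text).items():
        if salt is not None:
            by_salt[(scheme, salt)].append(user)
    return {key: users for key, users in by_salt.items() if len(users) > 1}

if __name__ == "__main__":
    print(audit(SAMPLE), shared_salts(SAMPLE))
```

Accounts that appear in `shared_salts` are the ones for which a single precomputed table would cover more than one entry; entries with distinct salts each need their own.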
