http://bugzilla.novell.com/show_bug.cgi?id=494544
User meissner@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=494544#c3
--- Comment #3 from Marcus Meissner 2009-04-15 04:09:32 MDT ---
DES needs to stay as compat option, as you also said.
MD5, Blowfish for passwords are used as "trapdoor" functions with multiple
rounds.
The "hash collision" discoveries you are hinting at do not really apply to such
usage, since it is a different usage of those algorithms, and knowledge of
original text (the actual password ;) would be required anyway.
Also it is still recommended to keep the crypted passwords secret, to avoid
your basic run-of-the-mill dictionary attacks away anyway.
so the hash collision research does not influence usage for password-trapdoor
function.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.