Blowfish support in crypt() (glibc) ?

Bennett Todd bet at
Mon Jun 7 07:05:07 PDT 2004

2004-06-07T01:58:05 Robert Connolly:
> Md5 isn't very good anymore.

Could you please expand on that?

What I've heard is that weakened varients (reduced rounds?) have
been shown vulnerable to attack, but so far as I know standard MD5
hasn't. And in some applications, a 128-bit hash like MD5 is
vulnerable to a Birthday attack where a bigger one, like e.g. SHA1
(160 bits) isn't.

But "attack" means something very different for a cryptographic hash
used bare, like MD5 or SHA1 in normal crypto design, and one used
salted and iterated, like in a passwd file; there the possibility of
breaking the hash isn't even interesting, the design is focused on
trying to slow down dictionary attacks.

What's the problem with MD5 in passwd?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the hlfs-dev mailing list