Diffstat (limited to 'docs/lib/passlib.hash.md5_crypt.rst')
-rw-r--r-- docs/lib/passlib.hash.md5_crypt.rst | 25
1 files changed, 17 insertions, 8 deletions
diff --git a/docs/lib/passlib.hash.md5_crypt.rst b/docs/lib/passlib.hash.md5_crypt.rst
index fefae6b..e10afcc 100644
--- a/docs/lib/passlib.hash.md5_crypt.rst
+++ b/docs/lib/passlib.hash.md5_crypt.rst
@@ -4,17 +4,25 @@
:class:`passlib.hash.md5_crypt` - MD5 Crypt
==================================================================
+.. warning::
+
+ As of 2012-6-7, this algorithm is "no longer considered safe"
+ by it's author [#phk]_, citing the increased
+ speed of the MD5 hash on modern hardware, and MD5-Crypt's
+ lack of a variable time-cost parameter. See Passlib's
+ :ref:`recommended hashes <recommended-hashes>` for a replacement.
+
.. currentmodule:: passlib.hash
This algorithm was developed for FreeBSD in 1994 by Poul-Henning Kamp,
to replace the aging :class:`passlib.hash.des_crypt`.
It has since been adopted by a wide variety of other Unix flavors, and is found
in many other contexts as well. Due to it's origins, it's sometimes referred to as "FreeBSD MD5 Crypt".
-Security-wise it is considered to be steadily weakening (due to fixed cost),
-and most unix flavors have since replaced with with stronger schemes,
-such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`.
+Security-wise it should now be considered weak,
+and most Unix flavors have since replaced it with stronger schemes
+(such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`).
-This is also referred to under Cisco IOS systems as a "type 5" hash.
+This is also referred to on Cisco IOS systems as a "type 5" hash.
The format and algorithm are identical, though Cisco seems to require
4 salt characters instead of the full 8 characters
used by most systems [#cisco]_.
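
Review bot: The added warning reads "by it's author [#phk]_", where the possessive "its" is meant. Since this is the first thing a reader sees on the page, please fix it in this patch. The date "2012-6-7" would also be less ambiguous zero-padded as "2012-06-07". The replacement paragraph below now says the scheme "should now be considered weak", which matches the warning, so the two statements are consistent.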
@@ -150,15 +158,14 @@ The MD5-Crypt algorithm [#f1]_ calculates a checksum as follows:
Security Issues
===============
-MD5-Crypt has a couple of issues which have weakened it,
-though it is not yet considered broken:
+MD5-Crypt has a couple of issues which have weakened severely:
* It relies on the MD5 message digest, for which theoretical pre-image attacks exist [#f2]_.
However, not only is this attack still only theoretical, but none of MD5's weaknesses
have been show to affect MD5-Crypt's security.
-* The fixed number of rounds, combined with the availability
- of high-throughput MD5 implementations, means this algorithm
+* More seriously, it's fixed number of rounds (combined with the availability
+ of high-throughput MD5 implementations) means this algorithm
is increasingly vulnerable to brute force attacks.
It is this issue which has motivated it's replacement
by new algorithms such as :class:`~passlib.hash.bcrypt`
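
Review bot: The new intro line "MD5-Crypt has a couple of issues which have weakened severely:" lost its object when "though it is not yet considered broken" was removed; it should read "which have weakened it severely". In the rewritten second bullet, "it's fixed number of rounds" should be "its fixed number of rounds". Also consider whether the first bullet's "still only theoretical" wording needs a lead-in such as "Less seriously," so that the list reads in step with the stronger framing the intro and the "More seriously" bullet now have.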
@@ -203,3 +210,5 @@ Passlib's implementation of md5-crypt differs from the reference implementation
.. [#cisco] Note about Cisco Type 5 salt size -
`<http://serverfault.com/a/46399>`_.
+
+.. [#phk] Deprecation Announcement from Poul-Henning Kamp - `<http://phk.freebsd.dk/sagas/md5crypt_eol.html>`_.
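
Review bot: The new [#phk] footnote cites the announcement only by a bare http URL, so the reference carries no detail of its own if the link moves. The warning added at the top of the page dates the statement to 2012-6-7; repeating that date in the footnote text would keep the citation useful on its own.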