diff options
Diffstat (limited to 'docs/lib/passlib.hash.md5_crypt.rst')
-rw-r--r-- | docs/lib/passlib.hash.md5_crypt.rst | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/docs/lib/passlib.hash.md5_crypt.rst b/docs/lib/passlib.hash.md5_crypt.rst index fefae6b..e10afcc 100644 --- a/docs/lib/passlib.hash.md5_crypt.rst +++ b/docs/lib/passlib.hash.md5_crypt.rst @@ -4,17 +4,25 @@ :class:`passlib.hash.md5_crypt` - MD5 Crypt ================================================================== +.. warning:: + + As of 2012-6-7, this algorithm is "no longer considered safe" + by it's author [#phk]_, citing the increased + speed of the MD5 hash on modern hardware, and MD5-Crypt's + lack of a variable time-cost parameter. See Passlib's + :ref:`recommended hashes <recommended-hashes>` for a replacement. + .. currentmodule:: passlib.hash This algorithm was developed for FreeBSD in 1994 by Poul-Henning Kamp, to replace the aging :class:`passlib.hash.des_crypt`. It has since been adopted by a wide variety of other Unix flavors, and is found in many other contexts as well. Due to it's origins, it's sometimes referred to as "FreeBSD MD5 Crypt". -Security-wise it is considered to be steadily weakening (due to fixed cost), -and most unix flavors have since replaced with with stronger schemes, -such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`. +Security-wise it should now be considered weak, +and most Unix flavors have since replaced it with stronger schemes +(such as :class:`~passlib.hash.sha512_crypt` and :class:`~passlib.hash.bcrypt`). -This is also referred to under Cisco IOS systems as a "type 5" hash. +This is also referred to on Cisco IOS systems as a "type 5" hash. The format and algorithm are identical, though Cisco seems to require 4 salt characters instead of the full 8 characters used by most systems [#cisco]_. @@ -150,15 +158,14 @@ The MD5-Crypt algorithm [#f1]_ calculates a checksum as follows: Security Issues =============== -MD5-Crypt has a couple of issues which have weakened it, -though it is not yet considered broken: +MD5-Crypt has a couple of issues which have weakened severely: * It relies on the MD5 message digest, for which theoretical pre-image attacks exist [#f2]_. However, not only is this attack still only theoretical, but none of MD5's weaknesses have been show to affect MD5-Crypt's security. -* The fixed number of rounds, combined with the availability - of high-throughput MD5 implementations, means this algorithm +* More seriously, it's fixed number of rounds (combined with the availability + of high-throughput MD5 implementations) means this algorithm is increasingly vulnerable to brute force attacks. It is this issue which has motivated it's replacement by new algorithms such as :class:`~passlib.hash.bcrypt` @@ -203,3 +210,5 @@ Passlib's implementation of md5-crypt differs from the reference implementation .. [#cisco] Note about Cisco Type 5 salt size - `<http://serverfault.com/a/46399>`_. + +.. [#phk] Deprecation Announcement from Poul-Henning Kamp - `<http://phk.freebsd.dk/sagas/md5crypt_eol.html>`_. |