PHK says md5crypt() algorithm no longer secure

This week has been interesting with regards to online security: LinkedIn, Last.fm, eHarmony, et al had security issues and breaches.

Not directly related to these breaches, but still in the realm of security, Poul-Henning Kamp, the author of md5crypt(), has said that md5crypt() is no longer secure despite being recommended as a password hashing function. md5crypt is used to encrypt passwords on some FreeBSD systems.

The md5crypt password scrambler was created in 1995 by yours truly and was, back then, a sufficiently strong protection for passwords.

New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days.

As the author of md5crypt, I implore everybody to migrate to a stronger password scrambler without undue delay.

Continues

Miscelaneous FreeBSD news updates (KDE, PC-BSD, Raspberry Pi, FBSD Foundation, OSI)

Below some miscelaneous links to FreeBSD related news and updates:

KDE/FreeBSD Bulletin with recent FreeBSD KDE ports related updates.

PC-BSD 20120605 Snapshot now available for testing. There’s also a BSD Talk interview (BSDTalk 2016) with Kris Moore, founder of the PC-BSD project, which was recorded during BSDCan 2012. Kris talks about the features going into PC-BSD 9.1.

There are some FreeBSD developers that are trying to get FreeBSD running on the Raspberry Pi, a $25 ARM Linux/GNU box: Porting FreeBSD to the Raspberry Pi.

FreeBSD, a world apart (translatedfrom Spanish with Google Translate) – interesting blog post with some FreeBSDD background information. I like the collection of open source logos.

FreeBSD Foundation prepares launch of East Coast Mirror at NYI (announement)

Simon Phipps is the new OSI President:

Phipps has already been spearheading an OSI reform process, working with the rest of the board to open up the organisation. That process has led to the creation of Open Source Initiative affiliation, bringing the Apache Software Foundation, FreeBSD, Eclipse, Mozilla, Debian, and Creative Commons, along with other organisations, on board as affiliates.

Call for Testing (CfT): xorg 7.7

Martin Wilke has put out a call for people to help him test xorg 7.7, an open source implementation of the X Window System.

The FreeBSD Xorg Team is pleased to announce Xorg 7.7 Release. We are very happy to be able to Call for testing shortly after the Xorg team annouced 7.7 release. This CFT is also open for discussion on how we should move forward with xorg release as we are facing some issues and we would like to ask for your opinion. Right now we have 2 existing xorg versions in our Ports Tree. The situation is quite bad due to our poor graphic card support. That means we do not have much choice but to take it as how it is now. But with regards to mesa support, we have to face some new challenges.

Read the whole post and the instructions here: [CFT] Xorg 7.7 ready for testing!

 

BSDCan 2012 – “The technical BSD conference

Martin Cracauer, a FreeBSD developer, went to BSDCan 2012 and wrote up his experience on the Open Source at Google blog: BSDCan 2012 – “The technical BSD conference”. I’m sure this will have been read by many with an open source interst (26716 RSS followers). Good marketing!

The FreeBSD Foundation funded some FreeBSD developers’ and contributors’ travel expenses. In return they have sumarised what the did at BSDCan, how they got involved and what it means to them.

Read the feedback from:

Some of the BSDCan presentations can be viewed here, in case you missed them.

Netflix’s new peering appliance uses FreeBSD

“FreeBSD is once again a core part of the internet infrastructure”

Netflix, an American provider of on-demand Internet streaming media in the United States, Canada and Latin America, has established its own content delivery network called “Open Connect”, and has posted the software and hardware design online.

The 4u chassis server systems that are being used, with more than 100TB of storage, run the nginx open source web server and run FreeBSD 9.0.

Read here how Netflix is using FreeBSD and what their reason is for this choice: Netflix’s New Peering Appliance Uses FreeBSD.

Thanks again to Charles Rapenne for the heads up.