Domain: freebsd.dk
Stories and comments across the archive that link to freebsd.dk.
Stories · 3
-
MD5crypt Password Scrambler Is No Longer Considered Safe
As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes "Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: 'New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'" Reader Curseyoukhan was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn. Update: 06/07 20:13 GMT by T : An anonymous reader adds a snippet from Help Net Security, too: "Last.fm has piped up to warn about a leak of their own users' passwords. Users who have logged in to the site were greeted today by a warning asking them to change their password while the site investigates a security problem. Following the offered link to learn more, they landed on another page with another warning." -
Danish FreeBSD Dev. Sues Lenovo Over "Microsoft Tax"
Handbrewer writes "The FreeBSD developer Poul-Henning Kamp (phk) has sued Lenovo in Denmark (Google translation, original here) over their refusal to refund the Windows Vista Business license, even though he declined the EULA during installation. Lenovo argues that they sell the computer as a full product, and that they cannot refund it partially, such as the power supply or the OS even if people intend to use a different one. This seems to be contrary to previous rulings in the EU where Acer and HP has been forced to refund the 'Microsoft tax.'" -
GBDE-GEOM Based Disk Encryption on FreeBSD
BSD Forums writes "The ever increasing mobility of computers has made protection of data on digital storage media an important requirement in a number of applications and situations. GBDE is a strong cryptographic facility for denying unauthorised access to data stored on a 'cold' disk for decades and longer. GBDE operates on the disk(-partition) level allowing any type of file system or database to be protected. A significant focus has been put on the practical aspects in order to make it possible to deploy GBDE in the real world. FreeBSD's Poul-Henning Kamp says in an email to freebsd-current that he has uploaded this paper and slides which he presented at BSDcon 2003, California, USA."