We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
MD5 hashing
On this website's main page, https://vestacp.com/
The below statement is said.
MD5 is not secure and wasn't for a long time, especially for passwords!
Linux Passwords
Our password implementation relies on the Linux PAM authentication mechanism which employs MD5 hashing, to provide unique and secure passwords.
Read below.
Source: https://en.wikipedia.org/wiki/MD5#Security
Security
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2^24.1).[17] Further, there is also a chosen-prefix collision attack that can produce a collision for two inputs with specified prefixes within hours, using off-the-shelf computing hardware (complexity 2^39).[18] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16–18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.[19]
These hash and collision attacks have been demonstrated in the public in various situations, including colliding document files[20][21] and digital certificates.[22] As of 2015, MD5 was demonstrated to be still quite widely used, most notably by security research and antivirus companies.[23]
Also consider reading this
Source: https://security.stackexchange.com/ques ... d-insecure
MD5 for passwords
Using salted md5 for passwords is a bad idea. Not because of MD5's cryptographic weaknesses, but because it's fast. This means that an attacker can try billions of candidate passwords per second on a single GPU.
What you should use are deliberately slow hash constructions, such as scrypt, bcrypt and PBKDF2. Simple salted SHA-2 is not good enough because, like most general purpose hashes, it's fast. Check out How to securely hash passwords? for details on what you should use.
Any thoughts on this?
Re: MD5 hashing
You really think Linux PAM passwords are not secure?
Re: MD5 hashing
Site info updated! ;-)
md5 only on old distro like centos 5 / debian 6
[root@r6 ~]# authconfig --test | grep hashing
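Added example (not part of the thread and not Vesta's code): the configured algorithm only applies to passwords set after the change, so accounts created on an old distro can still carry MD5-based hashes. This sketch classifies each shadow-format entry by its crypt(3) prefix and lists accounts that should be rehashed. The sample lines are constructed placeholders, and the `WEAK` policy set is this example's assumption.

```python
import re

# crypt(3) identifiers as they appear between the first two '$' of a hash.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}  # assumption: schemes this audit flags for rehash

def classify(field):
    """Return the scheme name for one shadow password field, or None if no hash is set."""
    h = field.lstrip("!")            # 'passwd -l' prefixes '!' but keeps the hash
    if h in ("", "*"):               # locked account or no password assigned
        return None
    if h.startswith("$"):
        return SCHEMES.get(h.split("$")[1], "unknown")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "descrypt"            # traditional 13-character DES crypt
    return "unknown"

def audit(lines):
    """Return [(user, scheme)] for accounts whose stored hash is weak or unrecognised."""
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        scheme = classify(fields[1])
        if scheme in WEAK or scheme == "unknown":
            findings.append((fields[0], scheme))
    return findings

# Constructed sample in /etc/shadow layout; the hash bodies are placeholders.
SAMPLE = [
    "alice:$1$CONSTRCT$placeholderhashvalue00:19000:0:99999:7:::",
    "bob:$6$rounds=5000$CONSTRUCTEDSALT$placeholderhashvalue:19000:0:99999:7:::",
    "carol:!!:19000:0:99999:7:::",
    "dave:!$1$CONSTRCT$placeholderhashvalue00:19000:0:99999:7:::",
    "erin:$y$j9T$CONSTRUCTEDSALT$placeholderhashvalue:19000:0:99999:7:::",
    "frank:ab0123456789A:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme} -> force a password change to rehash")
```

On a real host the same functions can be fed the lines of /etc/shadow (root required); a locked account such as `dave` is still reported because unlocking it would restore the old hash.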