[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2012-3287: md5crypt is no longer considered safe

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CVE-2012-3287: md5crypt is no longer considered safe
From: phk@xxxxxxxxxxx
Date: Fri, 8 Jun 2012 00:04:49 GMT

The LinkedIn password incompetence has resulted in a number of "just use 
md5crypt and you'll be fine" pieces of advice on the net.

Since I no longer consider this to be the case, I have issued an official 
statement, as the author of md5crypt, to the opposite effect:

http://phk.freebsd.dk/sagas/md5crypt_eol.html

Please find something better now.

Thanks for using my code.

Poul-Henning Kamp

Follow-Ups:
- Re: CVE-2012-3287: md5crypt is no longer considered safe
  - From: Solar Designer

Prev by Date: [SECURITY] [DSA 2480-3] request-tracker3.8 regression update
Next by Date: Re: Mybb 1.6.8 Sql Injection Vulnerabilitiy
Previous by thread: [SECURITY] [DSA 2480-3] request-tracker3.8 regression update
Next by thread: Re: CVE-2012-3287: md5crypt is no longer considered safe
Index(es):
- Date
- Thread