I've been offline for some hours, and just wish to add a few concluding thoughts here:
No, I'm obviously not proposing that people do something stupid with crypto, we've had enough of that in recent days already.
But I am trying to provoke one or more card-carrying cryptographers to realize that, while password protection may be a problem we have good and strong theoretical solutions for, those solutions will not protect any passwords until somebody turns them into Open Source code we can use.
I only wrote md5crypt because nobody else had done so, and nobody else wanted to do so at the time, and FreeBSD needed an ITAR exportable password scrambler.
If more cryptographers wrote more code under liberal Open Source licenses, instead of bitchy complaints against the people who do write code, then the world might gradually become a better place.
I have been dreading this announcement for a couple of years, knowing full well that the majority of the world can't tell MD5 from md5crypt.
It is a credit to hackernews that you could, much appreciated.