From: Mark Murray
To: Eivind Eklund
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
Date: Sun, 02 May 1999 18:27:29 +0200
Message-Id: <199905021627.SAA03150@greenpeace.grondar.za>

Eivind Eklund wrote:
> > Yes. libcrypto from OpenSSL is huge, and is hefty overkill for a
> > password hashing system. Apart from that, it has a name conflict
> > with kerberos (which also has a libcrypto).
> >
> > A password hashing system just needs a couple (few?) good hashes;
> > nothing else.
>
> The point of this exercise would (IMO, at least) only be OpenBSD
> compatibility, where OpenBSD for marketeering reasons has decided to
> use Blowfish as part of their hash algorithm. If people can't migrate
> their password files, they are much less likely to migrate to FreeBSD,
> which means we should support their password formats if feasible.

No problem. It can be added as a one-file addition to the current system.

> As for the libcrypto naming conflict - is the Kerberos libcrypto used
> by things outside Kerberos, or is it feasible to rename it? When I
> get around to integrating the signature support into pkg_* (I have
> code that works in a test environment, but haven't had time to
> integrate it), we'll need libcrypto from OpenSSL in order to support
> signatures - and renaming it in the port would IMO be fairly evil.

Ditto for Kerberos, and Kerberos got there first :-)

How do your signatures work? Can you not just use the MD? and SHA
algorithms out of libmd? If not, can we not extend libmd?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org