From owner-freebsd-security Fri Feb 14 01:14:56 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA20466 for security-outgoing; Fri, 14 Feb 1997 01:14:56 -0800 (PST)
Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA20457 for ; Fri, 14 Feb 1997 01:14:52 -0800 (PST)
Received: (from nobody@localhost) by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id KAA00126; Fri, 14 Feb 1997 10:14:32 +0100
Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP id sma029913; Fri Feb 14 10:13:51 1997
Received: from bsd.lss.cp.philips.com (bsd.lss.cp.philips.com [130.144.199.33]) by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-970131) with SMTP id KAA04596; Fri, 14 Feb 1997 10:13:50 +0100
Received: by bsd.lss.cp.philips.com (8.8.3/1.63) id KAA25549; Fri, 14 Feb 1997 10:13:49 +0100 (MET)
From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Message-Id: <199702140913.KAA25549@bsd.lss.cp.philips.com>
Subject: Re: blowfish passwords in FreeBSD
To: imp@village.org (Warner Losh)
Date: Fri, 14 Feb 1997 10:13:49 +0100 (MET)
Cc: security@FreeBSD.org
In-Reply-To: from Warner Losh at "Feb 13, 97 11:58:56 pm"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Warner Losh wrote:
>
> OpenBSD just committed a new encryption method using blowfish. This
> has a much larger salt space as well as a much harder to break
> encryption scheme. Preliminary indications are that it looks really
> good. They implemented this much like md5, but with its own code.
>
> I think we should bring this into FreeBSD. What do others think?

It depends. I would very much like it to be compatible with the OpenBSD
stuff. Did they adapt the $$ scheme and allocate a new number?

Further, I think we should not adapt to every new password scheme around.
It would make the password system unnecessarily complex as we will have to
support every scheme simultaneously. So perhaps first a close look at the
new stuff should be taken.

-Guido