From owner-freebsd-security Fri Feb 14 07:28:54 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA10989 for security-outgoing; Fri, 14 Feb 1997 07:28:54 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA10982 for ; Fri, 14 Feb 1997 07:28:50 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvPYw-0002eL-00; Fri, 14 Feb 1997 08:28:34 -0700 To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Fri, 14 Feb 1997 10:13:49 +0100." <199702140913.KAA25549@bsd.lss.cp.philips.com> References: <199702140913.KAA25549@bsd.lss.cp.philips.com> Date: Fri, 14 Feb 1997 08:28:34 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702140913.KAA25549@bsd.lss.cp.philips.com> Guido van Rooij writes: : It depends. I would very much like it to be compatible with the : OpenBSD stuff. Did they adapt the $$ scheme and allocate a new number? Yes. They are using $2$. : Further, I think we should not adapt to every new password scheme around. : It would make the password system unecessarily complex as we will : have to support every scheme simultaneously. So perhaps first a close : look at the new stuff should be taken. I agree with that statement. However, with people breaking 40 and 48 bit keys in under three weeks now by brute force, a stronger password scheme is needed. I think that this is just such a scheme. I also agree that we should take a close look at this stuff with an eye towards merging it in. The need currently isn't urgent to bring this in, so it can wait a few days/weeks while the code review goes on. Warner