From owner-freebsd-security Fri Feb 14 12:48:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA00234 for security-outgoing; Fri, 14 Feb 1997 12:48:11 -0800 (PST) Received: from ratatosk.algonet.se (mailgw.algonet.se [194.213.74.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA00223 for ; Fri, 14 Feb 1997 12:48:05 -0800 (PST) Received: from (tomei.algonet.se [194.213.74.114]) by ratatosk.algonet.se (8.7.4/hdw.1.0) with ESMTP id VAA15815; Fri, 14 Feb 1997 21:48:24 +0100 (MET) Received: from (mal@bengt.algonet.se [194.213.74.14]) by tomei.algonet.se (8.7.4/) with ESMTP id VAA04215; Fri, 14 Feb 1997 21:48:22 +0100 (MET) Received: (mal@localhost) by bengt (SMI-8.6/8.6.12) id VAA08594; Fri, 14 Feb 1997 21:48:22 +0100 Date: Fri, 14 Feb 1997 21:48:22 +0100 Message-Id: <199702142048.VAA08594@bengt> From: Mats Lofkvist To: freebsd-security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? > > Warner Why did they feel the need for something better than md5? Is there any known weaknesses in md5? 128 bits is enough to make md5 extremely secure until someone finds a serious flaw in the algorithm, brute force attacks will probably never be a problem. _ Mats Lofkvist mal@algonet.se