Date:      Fri, 14 Feb 1997 18:47:14 -0500 (EST)
From:      Adam Shostack <adam@homeport.org>
To:        mal@bengt.algonet.se (Mats Lofkvist)
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: blowfish passwords in FreeBSD
Message-ID:  <199702142347.SAA18988@homeport.org>
In-Reply-To: <199702142048.VAA08594@bengt> from Mats Lofkvist at "Feb 14, 97 09:48:22 pm"

Mats Lofkvist wrote:
| > OpenBSD just committed a new encryption method using blowfish.  This
| > has a much larger salt space as well as a much harder to break
| > encryption scheme.  Preliminary indications are that it looks really
| > good.  They implemented this much like md5, but with its own code.
| >
| > I think we should bring this into FreeBSD.  What do others think?
| >
| > Warner
| 
| Why did they feel the need for something better than md5?
| Are there any known weaknesses in md5? 128 bits is enough to make md5
| extremely secure until someone finds a serious flaw in the algorithm,
| brute force attacks will probably never be a problem.

	Hans Dobbertin has found weaknesses in MD5.  "The Status of
MD5 after a recent attack", CryptoBytes, The technical newsletter of
RSA labs, vol 2, summer 1996.  The paper can probably be found on
www.rsa.com.

	Due to the nature of hashes, you can use the birthday attack
to find two messages with the same hash in 1/2 of searches of 64 bits
of the space.  This does not get you a new message whose digest
matches a chosen message's digest.

	It's also worth noting that hashes are designed to be one way
functions, ciphers like Blowfish are not.  Though they can be
converted back and forth, there can be subtleties that should be
addressed.  Use of sha-1 or RIPEMD-160 would probably be a better
choice than Blowfish.  I say that without having studied OpenBSD's
choice very closely.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
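
Added example, not part of the original message: the distinction drawn above between finding any two colliding messages (birthday attack) and finding a new message that matches a chosen message's digest, measured on MD5 truncated to a few bits so both searches finish quickly. The function names, the `bits` parameter and the sample messages are assumptions made for this illustration; for an n-bit digest the first search costs about 2^(n/2) hashes and the second about 2^n.

```python
import hashlib
from itertools import count


def truncated_md5(msg: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(msg): a toy digest small enough to search."""
    full = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return full >> (128 - bits)


def birthday_collision(bits: int):
    """Find ANY two distinct messages with the same truncated digest.

    Neither message is chosen in advance, so every new hash is compared
    against all earlier ones. Expected work: about 2**(bits/2) hashes.
    """
    seen = {}  # digest -> first message that produced it
    for i in count():
        msg = b"collide-%d" % i  # constructed sample messages
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def second_preimage(target: bytes, bits: int):
    """Find a new message whose digest matches one CHOSEN message.

    Only a single digest counts as a hit, so the birthday shortcut does
    not apply. Expected work: about 2**bits hashes.
    """
    want = truncated_md5(target, bits)
    for i in count():
        msg = b"forge-%d" % i  # constructed sample messages
        if msg != target and truncated_md5(msg, bits) == want:
            return msg, i + 1


if __name__ == "__main__":
    BITS = 20
    a, b, n = birthday_collision(BITS)
    print(f"collision after {n} hashes: {a!r} / {b!r}")
    m, k = second_preimage(b"chosen message", BITS)
    print(f"second preimage after {k} hashes: {m!r}")
```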




