From owner-freebsd-security  Fri Feb 14 18:13:23 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id SAA20536
          for security-outgoing; Fri, 14 Feb 1997 18:13:23 -0800 (PST)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA20531
          for <security@freebsd.org>; Fri, 14 Feb 1997 18:13:18 -0800 (PST)
From: proff@suburbia.net
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id SAA12768 for <security@freebsd.org>; Fri, 14 Feb 1997 18:14:47 -0800 (PST)
Received: (qmail 1799 invoked by uid 110); 15 Feb 1997 02:12:45 -0000
Message-ID: <19970215021245.1798.qmail@suburbia.net>
Subject: Re: blowfish passwords in FreeBSD
In-Reply-To: <199702142048.VAA08594@bengt> from Mats Lofkvist at "Feb 14, 97 09:48:22 pm"
To: mal@bengt.algonet.se (Mats Lofkvist)
Date: Sat, 15 Feb 1997 13:12:45 +1100 (EST)
Cc: security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Why did they feel the need for something better than md5?
> Is there any known weaknesses in md5? 128 bits is enough to make md5
> extremely secure until someone finds a serious flaw in the algorithm,
> brute force attacks will probably never be a problem.

Further, md5 as a signature algorithm is exportable, while blowfish is
not. md5 does have some flaws, but not in this context.

--
Prof. Julian Assange  |If you want to build a ship, don't drum up people
		      |together to collect wood and don't assign them tasks
proff@iq.org          |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery