From owner-freebsd-security Fri Feb 14 22:41:22 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA04192 for security-outgoing; Fri, 14 Feb 1997 22:41:22 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA04183 for ; Fri, 14 Feb 1997 22:41:10 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id HAA24754; Sat, 15 Feb 1997 07:43:39 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id HAA11723; Sat, 15 Feb 1997 07:42:50 +0100 (MET) To: Mats Lofkvist cc: freebsd-security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 21:48:22 +0100." <199702142048.VAA08594@bengt> Date: Sat, 15 Feb 1997 07:42:49 +0100 Message-ID: <11721.855988969@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702142048.VAA08594@bengt>, Mats Lofkvist writes: >> OpenBSD just committed a new encryption method using blowfish. This >> has a much larger salt space as well as a much harder to break >> encryption scheme. Preliminary indications are that it looks really >> good. They implemented this much like md5, but with its own code. >> >> I think we should bring this into FreeBSD. What do others think? >> >> Warner > >Why did they feel the need for something better than md5? >Is there any known weaknesses in md5? 128 bits is enough to make md5 >extremely secure until someone finds a serious flaw in the algorithm, >brute force attacks will probably never be a problem. Because Theo is paranoid. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail.