From owner-freebsd-security  Fri Feb 14 23:18:55 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id XAA07333
          for security-outgoing; Fri, 14 Feb 1997 23:18:55 -0800 (PST)
Received: from maslow.cia-g.com (root@maslow.cia-g.com [206.206.162.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA07323
          for <security@freebsd.org>; Fri, 14 Feb 1997 23:18:47 -0800 (PST)
Received: from maslow.cia-g.com (lithium@maslow.cia-g.com [206.206.162.5]) by maslow.cia-g.com (8.8.5/8.7.3) with SMTP id AAA19161; Sat, 15 Feb 1997 00:18:41 -0700 (MST)
Date: Sat, 15 Feb 1997 00:18:41 -0700 (MST)
From: Stephen Fisher <lithium@cia-g.com>
To: Warner Losh <imp@village.org>
cc: security@freebsd.org
Subject: Re: blowfish passwords in FreeBSD
In-Reply-To: <E0vvHbl-00026f-00@rover.village.org>
Message-ID: <Pine.BSI.3.95.970215001754.17869C-100000@maslow.cia-g.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Where has this been used before though?  MD5 and especially DES have been
time proven and tested and white papers have been written, and people have
studied them to death already.

On Thu, 13 Feb 1997, Warner Losh wrote:

> OpenBSD just committed a new encryption method using blowfish.  This
> has a much larger salt space as well as a much harder to break
> encryption scheme.  Preliminary indications are that it looks really
> good.  They implemented this much like md5, but with its own code.
> 
> I think we should bring this into FreeBSD.  What do others think?