Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Jun 1999 17:53:19 -0700
From:      Gregory Sutter <gsutter@pobox.com>
To:        Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: DES & MD5?
Message-ID:  <19990615175319.W37775@001101.zer0.org>
In-Reply-To: <Pine.OSF.4.10.9906160927520.22473-100000@bragg>; from Kris Kennaway on Wed, Jun 16, 1999 at 09:31:22AM %2B0930
References:  <19990615135003.U37775@001101.zer0.org> <Pine.OSF.4.10.9906160927520.22473-100000@bragg>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Jun 16, 1999 at 09:31:22AM +0930, Kris Kennaway wrote:
> On Tue, 15 Jun 1999, Gregory Sutter wrote:
> 
> > At USENIX, Niels Provos and David Mazieres presented a paper entitled
> > "A Future-Adaptable Password Scheme", in which they described two 
> > algorithms with adaptable cost, including a block cipher _eksblowfish_
> > and _bcrypt_, a related hash function.  In the paper, they have a 
> > comparison graph of traditional/bitsliced DES, MD5, and bcrypt (Figure
> > 5).  In summary, the graph shows bcrypt to be over 10^1 times slower
> > than MD5 and many orders of magnitude slower than DES.  MD5 is itself
> > many orders of magnitude slower than DES, but has a fixed cost.
> > 
> > FTR, bcrypt supports a variable number of rounds so that it will be
> > adaptable and secure as hardware speeds increase.  I left the
> > presentation very impressed with the work. 
> 
> This is the openbsd password hash scheme, isn't it?

It is indeed the OpenBSD password hash scheme.

> I've got patches to support this (among other things) almost ready to go.

Wow, Kris, that's marvelous news.  Congratulations and thanks!

Greg
-- 
Gregory S. Sutter                     "Software is like sex; it's better
mailto:gsutter@pobox.com               when it's free."  -- Linus Torvalds
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990615175319.W37775>