From owner-freebsd-security  Tue Jun 15 17:59:11 1999
Delivered-To: freebsd-security@freebsd.org
Received: from 001101.zer0.org (001101.zer0.org [206.24.105.163])
	by hub.freebsd.org (Postfix) with ESMTP id A7DB515283
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Jun 1999 17:59:01 -0700 (PDT)
	(envelope-from gsutter@001101.zer0.org)
Received: (from gsutter@localhost)
	by 001101.zer0.org (8.9.2/8.9.2) id RAA84544;
	Tue, 15 Jun 1999 17:53:20 -0700 (PDT)
	(envelope-from gsutter)
Date: Tue, 15 Jun 1999 17:53:19 -0700
From: Gregory Sutter <gsutter@pobox.com>
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: DES & MD5?
Message-ID: <19990615175319.W37775@001101.zer0.org>
References: <19990615135003.U37775@001101.zer0.org> <Pine.OSF.4.10.9906160927520.22473-100000@bragg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <Pine.OSF.4.10.9906160927520.22473-100000@bragg>; from Kris Kennaway on Wed, Jun 16, 1999 at 09:31:22AM +0930
Organization: Zer0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Jun 16, 1999 at 09:31:22AM +0930, Kris Kennaway wrote:
> On Tue, 15 Jun 1999, Gregory Sutter wrote:
> 
> > At USENIX, Niels Provos and David Mazieres presented a paper entitled
> > "A Future-Adaptable Password Scheme", in which they described two 
> > algorithms with adaptable cost, including a block cipher _eksblowfish_
> > and _bcrypt_, a related hash function.  In the paper, they have a 
> > comparison graph of traditional/bitsliced DES, MD5, and bcrypt (Figure
> > 5).  In summary, the graph shows bcrypt to be over 10^1 times slower
> > than MD5 and many orders of magnitude slower than DES.  MD5 is itself
> > many orders of magnitude slower than DES, but has a fixed cost.
> > 
> > FTR, bcrypt supports a variable number of rounds so that it will be
> > adaptable and secure as hardware speeds increase.  I left the
> > presentation very impressed with the work. 
> 
> This is the openbsd password hash scheme, isn't it?

It is indeed the OpenBSD password hash scheme.

> I've got patches to support this (among other things) almost ready to go.

Wow, Kris, that's marvelous news.  Congratulations and thanks!

Greg
-- 
Gregory S. Sutter                     "Software is like sex; it's better
mailto:gsutter@pobox.com               when it's free."  -- Linus Torvalds
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message