Date: Mon, 11 Jun 2012 00:24:02 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: blf uses only 2^4 round for passwd encoding?! [Re: Default password hash] Message-ID: <20120611002402.088b2f74@gumby.homeunix.com> In-Reply-To: <CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
On Mon, 11 Jun 2012 00:37:30 +0200 Oliver Pinter wrote: > 16 rounds in 2012? It is not to weak?! It's hard to say. Remember that blowfish was designed as a cipher not a hash. It's designed to be fast, but to still resist known plaintext attacks at the beginning of the ciphertext. It was also designed to work directly with a passphrase because there was a history of programmers abusing DES by using simple ascii passwords as keys. For these reasons initialization is deliberately expensive, effectively it already contains an element of passphrase hashing.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120611002402.088b2f74>