Date: Mon, 11 Jun 2012 00:24:02 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: blf uses only 2^4 round for passwd encoding?! [Re: Default password hash]
Message-ID: <20120611002402.088b2f74@gumby.homeunix.com>
In-Reply-To: <CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA@mail.gmail.com>
References: <CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA@mail.gmail.com>

On Mon, 11 Jun 2012 00:37:30 +0200
Oliver Pinter wrote:

> 16 rounds in 2012? It is not too weak?!

It's hard to say. Remember that Blowfish was designed as a cipher, not a hash. It's designed to be fast, but to still resist known plaintext attacks at the beginning of the ciphertext. It was also designed to work directly with a passphrase because there was a history of programmers abusing DES by using simple ASCII passwords as keys.

For these reasons initialization is deliberately expensive; effectively it already contains an element of passphrase hashing.