Date: Sun, 10 Jun 2012 19:24:57 -0400 From: emu <emu@karma.emu.so> To: <freebsd-security@freebsd.org> Subject: Re: blf uses only 2^4 round for passwd encoding?! [Re: Default password hash] Message-ID: <2d4b79dfa4ce95d66979769637db932b@karma.emu.so> In-Reply-To: <20120611002402.088b2f74@gumby.homeunix.com> References: <CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA@mail.gmail.com> <20120611002402.088b2f74@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012-06-10 19:24, RW wrote: > On Mon, 11 Jun 2012 00:37:30 +0200 > Oliver Pinter wrote: > > >> 16 rounds in 2012? It is not to weak?! > > It's hard to say. Remember that blowfish was designed as a cipher not > a hash. It's designed to be fast, but to still resist known plaintext > attacks at the beginning of the ciphertext. It was also designed to > work directly with a passphrase because there was a history of > programmers abusing DES by using simple ascii passwords as keys. > > For these reasons initialization is deliberately expensive, > effectively it already contains an element of passphrase hashing. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" how long are we going to go on about this
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2d4b79dfa4ce95d66979769637db932b>