From: emu
Date: Sun, 10 Jun 2012 19:24:57 -0400
Subject: Re: blf uses only 2^4 round for passwd encoding?! [Re: Default password hash]
Message-ID: <2d4b79dfa4ce95d66979769637db932b@karma.emu.so>
In-Reply-To: <20120611002402.088b2f74@gumby.homeunix.com>
List-Id: freebsd-security@freebsd.org

On 2012-06-10 19:24, RW wrote:
> On Mon, 11 Jun 2012 00:37:30 +0200
> Oliver Pinter wrote:
>
> >> 16 rounds in 2012? It is not too weak?!
>
> It's hard to say. Remember that Blowfish was designed as a cipher not
> a hash. It's designed to be fast, but to still resist known plaintext
> attacks at the beginning of the ciphertext. It was also designed to
> work directly with a passphrase because there was a history of
> programmers abusing DES by using simple ASCII passwords as keys.
>
> For these reasons initialization is deliberately expensive,
> effectively it already contains an element of passphrase hashing.

how long are we going to go on about this