From owner-freebsd-hackers Fri Mar 2 16: 4:38 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-158.dsl.lsan03.pacbell.net [63.207.60.158]) by hub.freebsd.org (Postfix) with ESMTP id A0F1037B718 for ; Fri, 2 Mar 2001 16:04:35 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 3D65366F09; Fri, 2 Mar 2001 16:04:35 -0800 (PST) Date: Fri, 2 Mar 2001 16:04:35 -0800 From: Kris Kennaway To: Peter Pentchev Cc: milunovic , hackers@freebsd.org Subject: Re: blow fish Message-ID: <20010302160435.B49111@mollari.cthul.hu> References: <20010302142603.A2609@ringworld.oblivion.bg> <20010302143141.B2609@ringworld.oblivion.bg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="qlTNgmc+xy1dBmNv" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010302143141.B2609@ringworld.oblivion.bg>; from roam@orbitel.bg on Fri, Mar 02, 2001 at 02:31:41PM +0200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --qlTNgmc+xy1dBmNv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 02, 2001 at 02:31:41PM +0200, Peter Pentchev wrote: > On Fri, Mar 02, 2001 at 02:26:03PM +0200, Peter Pentchev wrote: > > On Fri, Mar 02, 2001 at 01:23:01PM +0100, milunovic wrote: > > >=20 > > > Does anybody have blow fish for FreeBSD or know wehere to find it? > > > I just want to change password encription from MD5 to blow fish:o) > >=20 > > A little question: why? MD5 seems to be secure enough. > >=20 > > Other than that, look at the security/libmcrypt port, it has Blowfish > > as an available encryption algorithm. It's not in a usable form for > > password encryption, though; you need to pull out the guts of the > > encryption function and build your own crypt() function. >=20 > Come to think of it, there's nothing that would prevent security/libmcrypt > to be part of the authentication process (not crypt(), though). Is there > something inherently flawed in the idea of a PAM module using libs which > do not live in /usr, but in /usr/local? Why not just use OpenSSL which also includes this algorithm? You'd still need to build it into a crypt() function, and the correct location and layering for that to take place is in libcrypt, not PAM. Kris --qlTNgmc+xy1dBmNv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6oDUSWry0BWjoQKURAnm7AJwMf4LnhKJ5jcLs1/1OMJXRXYTkRgCeIIdS P9Scu1wXET9UogTFP9TmIrE= =U5KE -----END PGP SIGNATURE----- --qlTNgmc+xy1dBmNv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message