From owner-freebsd-security Sun May 2 2:30:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from phk.freebsd.dk (phk.freebsd.dk [212.242.40.153]) by hub.freebsd.org (Postfix) with ESMTP id 6515814F95 for ; Sun, 2 May 1999 02:30:46 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by phk.freebsd.dk (8.9.1/8.8.8) with ESMTP id LAA21806; Sun, 2 May 1999 11:30:45 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.2/8.9.2) with ESMTP id LAA02572; Sun, 2 May 1999 11:30:44 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: "Jeroen C. van Gelderen" Cc: Robert Watson , The Tech-Admin Dude , Brian Beaulieu , freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish In-reply-to: Your message of "Sun, 02 May 1999 11:25:09 +0200." <372C19F5.625BB2B@vangelderen.org> Date: Sun, 02 May 1999 11:30:44 +0200 Message-ID: <2570.925637444@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <372C19F5.625BB2B@vangelderen.org>, "Jeroen C. van Gelderen" writes: >Robert Watson wrote: >[...] >> I'd recommend against using Blowfish--go for Twofish. > >Regardless of what you think about Blowfish, recommending Twofish >is a very, very bad move. Considering that the concept for passwords is a "kleenex-model", it doesn't matter. We can change the algorithm at the first hint of trouble and ask people to change passwords and we're in safe water. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message