From owner-freebsd-security  Sun May  2  2:36:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP id 2CFBF1511D
	for <freebsd-security@FreeBSD.ORG>; Sun,  2 May 1999 02:36:08 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id CAA23336;
	Sun, 2 May 1999 02:32:55 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>,
	Poul-Henning Kamp <phk@critter.freebsd.dk>,
	The Tech-Admin Dude <geniusj@phoenix.unacom.com>,
	Brian Beaulieu <brian@capital-data.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish 
In-reply-to: Your message of "Sun, 02 May 1999 11:25:09 +0200."
             <372C19F5.625BB2B@vangelderen.org> 
Date: Sun, 02 May 1999 02:32:55 -0700
Message-ID: <23332.925637575@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Regardless of what you think about Blowfish, recommending Twofish
> is a very, very bad move. The golden rule in crypto is that trust
> comes with the age of an algorithm. Twofish is waaaay to young to
> be trusted, especially since it's an evolutionary improvement
> over Blowfish which you don't like for some reason.

Erm, one of the goals of PAM is to support *multiple* encryption
methods, so why not do a PAM module for each and let the administrator
decide which authentication methods to support in /etc/pam.conf?

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message