From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, The Tech-Admin Dude <geniusj@phoenix.unacom.com>, Brian Beaulieu <brian@capital-data.com>, freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish Message-ID: <372C1CD9.43BE5852@vangelderen.org> References: <2570.925637444@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > > In message <372C19F5.625BB2B@vangelderen.org>, "Jeroen C. van Gelderen" writes: > >Robert Watson wrote: > >[...] > >> I'd recommend against using Blowfish--go for Twofish. > > > >Regardless of what you think about Blowfish, recommending Twofish > >is a very, very bad move. > > Considering that the concept for passwords is a "kleenex-model", > it doesn't matter. We can change the algorithm at the first hint > of trouble and ask people to change passwords and we're in safe > water. That's not the point. In crypto you need to be as conservative as possible. Recommending a newly invented algorithm before it has seen intensive analysis is not a good idea. It doesn't matter what the application is. Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org - 0xC33EDFDE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?372C1CD9.43BE5852>