From owner-freebsd-security Sun May 2 2:37:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from schuimpje.snt.utwente.nl (schuimpje.snt.utwente.nl [130.89.238.4]) by hub.freebsd.org (Postfix) with ESMTP id 1CF03152D2 for ; Sun, 2 May 1999 02:37:49 -0700 (PDT) (envelope-from jeroen@vangelderen.org) Received: from ut243008.inbel.utwente.nl ([130.89.243.8]:2061 "EHLO vangelderen.org" ident: "NO-IDENT-SERVICE[2]") by schuimpje.snt.utwente.nl with ESMTP id <7971-20149>; Sun, 2 May 1999 11:37:31 +0200 Message-ID: <372C1CD9.43BE5852@vangelderen.org> Date: Sun, 02 May 1999 11:37:29 +0200 From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.51 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Poul-Henning Kamp Cc: Robert Watson , The Tech-Admin Dude , Brian Beaulieu , freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish References: <2570.925637444@critter.freebsd.dk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Poul-Henning Kamp wrote: > > In message <372C19F5.625BB2B@vangelderen.org>, "Jeroen C. van Gelderen" writes: > >Robert Watson wrote: > >[...] > >> I'd recommend against using Blowfish--go for Twofish. > > > >Regardless of what you think about Blowfish, recommending Twofish > >is a very, very bad move. > > Considering that the concept for passwords is a "kleenex-model", > it doesn't matter. We can change the algorithm at the first hint > of trouble and ask people to change passwords and we're in safe > water. That's not the point. In crypto you need to be as conservative as possible. Recommending a newly invented algorithm before it has seen intensive analysis is not a good idea. It doesn't matter what the application is. Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org - 0xC33EDFDE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message