Date: Sun, 02 May 1999 12:08:07 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, Robert Watson <robert+freebsd@cyrus.watson.org>, The Tech-Admin Dude <geniusj@phoenix.unacom.com>, Brian Beaulieu <brian@capital-data.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
Message-ID: <2685.925639687@critter.freebsd.dk>
In-Reply-To: Your message of "Sun, 02 May 1999 02:33:27 PDT." <23355.925637607@zippy.cdrom.com>

In message <23355.925637607@zippy.cdrom.com>, "Jordan K. Hubbard" writes:
>> Considering that the concept for passwords is a "kleenex-model",
>
>OK, I'll bite, what the hell is a "kleenex-model" ? :-)

The things we encrypt are transient, we don't need to keep them
around for later decryption and they can be replaced with no problems.

If we find a problem with MD5 as we use it today, we simply plug in
something stronger and tell users to change their passwords (or ELSE!)
and we're in no danger anymore.

If we had real encrypted data we would need to retrieve it, decrypt it,
recrypt it, store it *and make sure the copy made with the old
encryption is GONE*. This is a PITA if you have it stored in an
optical jukebox for instance.

I was the one who coined the term "kleenex-model" for it, but it may
not be a very apt term...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!