From owner-freebsd-security Sun May 2 3: 8:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from phk.freebsd.dk (phk.freebsd.dk [212.242.40.153]) by hub.freebsd.org (Postfix) with ESMTP id 9330F14C40 for ; Sun, 2 May 1999 03:08:11 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by phk.freebsd.dk (8.9.1/8.8.8) with ESMTP id MAA22117; Sun, 2 May 1999 12:08:09 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.2/8.9.2) with ESMTP id MAA02687; Sun, 2 May 1999 12:08:08 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: "Jordan K. Hubbard"
Cc: "Jeroen C. van Gelderen" , Robert Watson , The Tech-Admin Dude , Brian Beaulieu , freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
In-reply-to: Your message of "Sun, 02 May 1999 02:33:27 PDT." <23355.925637607@zippy.cdrom.com>
Date: Sun, 02 May 1999 12:08:07 +0200
Message-ID: <2685.925639687@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <23355.925637607@zippy.cdrom.com>, "Jordan K. Hubbard" writes:
>> Considering that the concept for passwords is a "kleenex-model",
>
>OK, I'll bite, what the hell is a "kleenex-model" ? :-)

The things we encrypt are transient, we don't need to keep them
around for later decryption and they can be replaced with no problems.

If we find a problem with MD5 as we use it today, we simply plug in
something stronger and tell users to change their passwords (or ELSE!)
and we're in no danger anymore.

If we had real encrypted data we would need to retrieve it, decrypt
it, recrypt it, store it *and make sure the copy made with the old
encryption is GONE*. This is a PITA if you have it stored in an
optical jukebox for instance.

I was the one who coined the term "kleenex-model" for it, but it may
not be a very apt term...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!
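
The replace-rather-than-migrate property described in the message above, as an added example that is not part of the original post or of FreeBSD's code: each stored record is tagged with its scheme, a successful login on a retired scheme is flagged for a forced password change, and the change simply overwrites the old record. The scheme names, the record layout and all function names are assumptions made for illustration, and `md5-salted` is a constructed stand-in, not FreeBSD's MD5 crypt().

```python
import hashlib
import hmac
import os

CURRENT = "pbkdf2-sha256"  # assumed name for the "something stronger" scheme

def _md5_salted(password, salt):
    # Constructed stand-in for the retired scheme; NOT FreeBSD's MD5 crypt().
    return hashlib.md5(salt + password.encode()).digest()

def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Every scheme stays verifiable so existing users can still log in once.
SCHEMES = {"md5-salted": _md5_salted, CURRENT: _pbkdf2}

def make_record(password, scheme=CURRENT):
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt,
            "hash": SCHEMES[scheme](password, salt)}

def login(record, password):
    """Return (authenticated, must_change_password)."""
    digest = SCHEMES[record["scheme"]](password, record["salt"])
    ok = hmac.compare_digest(digest, record["hash"])
    # Only an authenticated user on a retired scheme is told to change.
    return ok, ok and record["scheme"] != CURRENT

def change_password(db, user, new_password):
    # The old record is overwritten, not migrated: nothing has to be
    # decrypted, re-encrypted, or hunted down in old copies.
    db[user] = make_record(new_password)

def accounts_on_legacy_scheme(db):
    # Audit helper: who still has a hash made with a retired scheme?
    return sorted(u for u, r in db.items() if r["scheme"] != CURRENT)
```
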