Date: Sun, 2 May 1999 18:16:47 +0200
From: Eivind Eklund
To: Mark Murray
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
Message-ID: <19990502181647.C32819@bitbox.follo.net>
In-Reply-To: <199905021541.RAA02885@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 05:41:47PM +0200

On Sun, May 02, 1999 at 05:41:47PM +0200, Mark Murray wrote:
> Eivind Eklund wrote:
> > > _Way_ overkill. A far simpler structure can easily be built by hand.
> >
> > I do not understand what you mean - elaborate? Dynamically linking in
> > a new library if it is present is not very difficult - do you mean
> > that OpenSSL has too complicated an API? Or what is it you're trying
> > to say?
>
> Yes. libcrypto from OpenSSL is huge, and is hefty overkill for a
> password hashing system. Apart from that, it has a name conflict
> with kerberos (which also has a libcrypto).
>
> A password hashing system just needs a couple (few?) good hashes;
> nothing else.

The point of this exercise would (IMO, at least) only be OpenBSD
compatibility, where OpenBSD for marketeering reasons has decided to
use Blowfish as part of their hash algorithm. If people can't migrate
their password files, they are much less likely to migrate to FreeBSD,
which means we should support their password formats if feasible.

As for the libcrypto naming conflict - is the Kerberos libcrypto used
by things outside Kerberos, or is it feasible to rename it? When I
get around to integrating the signature support into pkg_* (I have
code that works in a test environment, but haven't had time to
integrate it), we'll need libcrypto from OpenSSL in order to support
signatures - and renaming it in the port would IMO be fairly evil.

Eivind.