From owner-freebsd-security  Sun May  2 18:59:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
	by hub.freebsd.org (Postfix) with ESMTP id 5852A156B9
	for <freebsd-security@freebsd.org>; Sun,  2 May 1999 18:59:48 -0700 (PDT)
	(envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id LAA19577;
	Mon, 3 May 1999 11:29:36 +0930 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM)
	id AA17450; Mon, 3 May 1999 11:30:12 +0930
Date: Mon, 3 May 1999 11:30:12 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
X-Sender: kkennawa@bragg
To: Adam Shostack <adam@homeport.org>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>,
	Robert Watson <robert+freebsd@cyrus.watson.org>,
	Poul-Henning Kamp <phk@critter.freebsd.dk>,
	The Tech-Admin Dude <geniusj@phoenix.unacom.com>,
	Brian Beaulieu <brian@capital-data.com>, freebsd-security@freebsd.org
Subject: Re: Blowfish/Twofish
In-Reply-To: <19990502215431.A22973@weathership.homeport.org>
Message-Id: <Pine.OSF.4.10.9905031127170.29472-100000@bragg>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 2 May 1999, Adam Shostack wrote:

> The reason not to use Blowfish is (imho) the Pi key scheduling.  Key
> schedules need to be designed, not taken at random from nature.

Regardless, it seems to have stood up pretty well to cryptanalysis so far -
see www.counterpane.com for literature references.

> The reason to not use it for passwords is that the function you want
> (if you're going to not change the model), is a hash function, not a
> block cipher.

I was under the impression that there are standard methods for converting
good block ciphers into good hash functions - I'd be surprised if this wasn't
what was being done with the OpenBSD password support.

Kris

-----
"That suit's sharper than a page of Oscar Wilde witticisms that's been
rolled up into a point, sprinkled with lemon juice and jabbed into
someone's eye"
"Wow, That's sharp!" - Rimmer and the Cat, _Red Dwarf_



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message