Date: Mon, 3 May 1999 12:02:44 +1000
From: Peter Jeremy
Subject: Re: Blowfish/Twofish
To: adam@homeport.org
Cc: freebsd-security@FreeBSD.ORG
Message-Id: <99May3.114810est.40331@border.alcanet.com.au>

Adam Shostack wrote:
>The reason to not use it for passwords is that the function you want
>(if you're going to not change the model), is a hash function, not a
>block cipher.

You'd better let Bob Morris know this :-).

Why can't a block cipher (like, say, DES) be used for a password hashing function? (I realise that the DES used for Unix password hashing is `tweaked', but that was done solely to prevent people using off-the-shelf DES hardware to crack passwords - the salt can be injected in several other ways).

The MD5 description includes a simple algorithm for taking an arbitrary string of bits and feeding it through a block hash function. Exactly the same can be done with a block cipher.

Peter
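The construction the message above describes, as an added example that is not part of the original post: MD-style padding feeds an arbitrary-length salted password through a block cipher used as a compression function (Davies-Meyer). Assumptions: XTEA stands in for the block cipher, the salt is simply prefixed, and the IV constant and the names md_pad, block_cipher_hash and password_hash are constructed for illustration; the 64-bit output only shows the mechanism.

```python
import struct

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9
IV = bytes.fromhex("0123456789abcdef")  # constructed initial chaining value


def xtea_encrypt(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key with XTEA."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def md_pad(msg: bytes) -> bytes:
    """Append 0x80, zero bytes, then the 64-bit bit length, so the
    result is a whole number of 16-byte blocks (MD-style strengthening)."""
    zeros = (8 - (len(msg) + 1)) % 16
    return msg + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(msg) * 8)


def block_cipher_hash(msg: bytes) -> bytes:
    """Davies-Meyer: each 16-byte message block is the cipher key, the
    running 8-byte state is the plaintext, and the state is fed forward."""
    h = IV
    padded = md_pad(msg)
    for i in range(0, len(padded), 16):
        e = xtea_encrypt(padded[i:i + 16], h)
        h = bytes(a ^ b for a, b in zip(e, h))  # feed-forward makes it one-way
    return h


def password_hash(password: bytes, salt: bytes) -> bytes:
    """Salted password hash; prefixing is one way to inject the salt."""
    return block_cipher_hash(salt + password)


if __name__ == "__main__":
    # Constructed sample inputs: same password, two different salts.
    for salt in (b"aa", b"ab"):
        print(salt.decode(), password_hash(b"correct horse", salt).hex())
```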