Date: Mon, 3 May 1999 11:30:12 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: Adam Shostack <adam@homeport.org>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, Robert Watson <robert+freebsd@cyrus.watson.org>, Poul-Henning Kamp <phk@critter.freebsd.dk>, The Tech-Admin Dude <geniusj@phoenix.unacom.com>, Brian Beaulieu <brian@capital-data.com>, freebsd-security@freebsd.org
Subject: Re: Blowfish/Twofish
Message-ID: <Pine.OSF.4.10.9905031127170.29472-100000@bragg>
In-Reply-To: <19990502215431.A22973@weathership.homeport.org>

On Sun, 2 May 1999, Adam Shostack wrote:

> The reason not to use Blowfish is (imho) the Pi key scheduling. Key
> schedules need to be designed, not taken at random from nature.

Regardless, it seems to have stood up pretty well to cryptanalysis so far -
see www.counterpane.com for literature references.

> The reason to not use it for passwords is that the function you want
> (if you're going to not change the model), is a hash function, not a
> block cipher.

I was under the impression that there are standard methods for converting
good block ciphers into good hash functions - I'd be surprised if this
wasn't what was being done with the OpenBSD password support.

Kris

-----
"That suit's sharper than a page of Oscar Wilde witticisms that's been
rolled up into a point, sprinkled with lemon juice and jabbed into
someone's eye"
"Wow, That's sharp!"
 - Rimmer and the Cat, _Red Dwarf_

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
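
One standard construction of the kind the reply above refers to is Davies-Meyer, where each message block is used as the cipher key and the running hash value is the plaintext. The sketch below is an added example, not part of the thread and not a description of OpenBSD's password code; XTEA stands in as the block cipher only because it fits in a few lines, the IV is a constructed constant, and a 64-bit digest is far too short for real use.

```python
import struct

MASK, DELTA, ROUNDS = 0xFFFFFFFF, 0x9E3779B9, 32
IV = bytes.fromhex("0123456789abcdef")  # constructed initial chaining value

def _f(v: int, s: int, k: int) -> int:
    # XTEA round function; callers mask the result back to 32 bits.
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)

def xtea_encrypt(key: bytes, block: bytes) -> bytes:
    """XTEA, 128-bit key, 64-bit block: a compact stand-in block cipher."""
    k, (v0, v1), s = struct.unpack(">4I", key), struct.unpack(">2I", block), 0
    for _ in range(ROUNDS):
        v0 = (v0 + _f(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _f(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xtea_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of xtea_encrypt; used only to show why feed-forward is needed."""
    k, (v0, v1) = struct.unpack(">4I", key), struct.unpack(">2I", block)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - _f(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _f(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def compress(h: bytes, m: bytes) -> bytes:
    """Davies-Meyer step: H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}."""
    e = xtea_encrypt(m, h)
    # Without this XOR, anyone holding m could decrypt back to H_{i-1}.
    return bytes(a ^ b for a, b in zip(e, h))

def dm_hash(message: bytes) -> bytes:
    """Iterate compress() over 16-byte blocks with length padding."""
    padded = message + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % 16) + struct.pack(">Q", len(message) * 8)
    h = IV
    for i in range(0, len(padded), 16):
        h = compress(h, padded[i:i + 16])
    return h

if __name__ == "__main__":
    for sample in (b"", b"password", b"passwore"):  # constructed inputs
        print(sample, dm_hash(sample).hex())
```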