Date: Mon, 3 May 1999 09:08:29 +0200 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Dug Song <dugsong@monkey.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish Message-ID: <19990503090829.N32819@bitbox.follo.net> In-Reply-To: <Pine.BSF.4.03.9905021540081.10790-100000@funky.monkey.org>; from Dug Song on Sun, May 02, 1999 at 03:48:52PM -0400 References: <19990502122142.A289@samurai.com> <Pine.BSF.4.03.9905021540081.10790-100000@funky.monkey.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 02, 1999 at 03:48:52PM -0400, Dug Song wrote: > On Sun, May 02, 1999 at 06:16:47PM +0200, Eivind Eklund <eivind@FreeBSD.ORG> wrote: > > > > The point of this exercise would (IMO, at least) only be OpenBSD > > compatibility, where OpenBSD for marketeering reasons has decided to > > use Blowfish as part of their hash algorithm. > > marketeering? read the paper being presented by Niels Provos and David > Mazieres at next month's USENIX (FREENIX track), and decide for yourself - > "A Future-Adaptable Password Scheme": Let me try to write the same as above in a slightly different way: I don't believe the use of Blowfish as a part of the hash algorithm is necessary to achieve the design goals, and I believe it was done in order to show off OpenBSD's ability to include crypto in the core distribution. I may be wrong; it is credible to have done so for convenience reasons, too, if the authors had already developed an extensible cipher based on Blowfish, and did not want to repeat their work or force cryptoanalysis of two systems instead of one. If FreeBSD should switch default password storage hash, my vote would be for something that allowed secure challenges against it - e.g. SRP (which is much more elegant than my own proposal to achieve the same goal, which was based on searching for RSA keys). Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990503090829.N32819>