Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 2 May 1999 18:16:47 +0200
From:      Eivind Eklund <eivind@FreeBSD.ORG>
To:        Mark Murray <mark@grondar.za>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Blowfish/Twofish
Message-ID:  <19990502181647.C32819@bitbox.follo.net>
In-Reply-To: <199905021541.RAA02885@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 05:41:47PM %2B0200
References:  <21634.925539195@critter.freebsd.dk> <Pine.BSF.3.96.990501150648.2670B-100000@fledge.watson.org> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za> <19990502170929.B32819@bitbox.follo.net> <199905021541.RAA02885@greenpeace.grondar.za>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 02, 1999 at 05:41:47PM +0200, Mark Murray wrote:
> Eivind Eklund wrote:
> > > _Way_ overkill. A far simpler structure can easily be built by hand.
> > 
> > I do not understand what you mean - elaborate?  Dynamically linking in
> > a new library if it is present is not very difficult - do you mean
> > that OpenSSL has too complicated an API?  Or what is it you're trying
> > to say?
> 
> Yes. libcrypto from OpenSSL is huge, and is hefty overkill for a
> password hashing system. Apart from that, it has a name conflict
> with kerberos (which also has a libcrypto).
> 
> A password hashing system just needs a couple (few?) good hashes;
> nothing else.

The point of this exercise would (IMO, at least) only be OpenBSD
compatibility, where OpenBSD for marketeering reasons has decided to
use Blowfish as part of their hash algorithm.  If people can't migrate
their password files, they are much less likely to migrate to FreeBSD,
which means we should support their password formats if feasible.

As for the libcrypto naming conflict - is the Kerberos libcrypto used
by things outside Kerberos, or is it feasible to rename it?  When I
get around to integrating the signature support into pkg_* (I have
code that work in a test environment, but haven't had time to
integrate it), we'll need libcrypto from OpenSSL in order to support
signatures - and renaming it in the port would IMO be fairly evil.

Eivind.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990502181647.C32819>