Re: blowfish password support

To: debian-security@lists.debian.org
Subject: Re: blowfish password support
From: Volker Birk <bumens@dingens.org>
Date: Thu, 30 Oct 2003 18:30:38 +0100
Message-id: <[🔎] bnrhru$ufp$01$1@news.t-online.com>
References: <MojE.24r.5@gated-at.bofh.it>

$2a$ <kerbber0s@yahoo.com> wrote:
> Is there a patch for pam ( and/or glibc ) to add
> blowfish 
> password support (openBSD style)in Debian ?

"Many cryptographers have examined Blowfish, although there are few
published results. Serge Vaudenay examined weak keys in Blowfish;
there is a class of keys that can be detected--although not broken--
in Blowfish variants of 14 rounds or less. Vincent Rijmen's Ph.D.
thesis includes a second-order differential attack on 4-round Blowfish
that cannot be extended to more rounds."

http://www.schneier.com/blowfish.html

Perhaps Twofish would be the better joice. Also Schneier.
No weaknesses known.

VB.
-- 
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de  http://www.x-pie.de

Reply to:

Prev by Date: blowfish password support
Next by Date: Re: blowfish password support
Previous by thread: Re: blowfish password support
Next by thread: passwd character limitations
Index(es):
- Date
- Thread