On Tue, Sep 09, 2003 at 11:32:03AM +0100, Charles Blundell wrote:
> 
> I do not know if this is related, but I came across a small mistake
> in the pbkdf2 implementation of cgdconfig(8).

Great catch! You just made Roland's day more fun, I guess :-)

> Migration for existing configs seems simple since we just add an
> extra stored key to old configs of pbkdf2_orig xor pbkdf2.

Yep, or even just continue to provide the old code as pbkdf2_orig
keygen mechanism.

> I guess this is something else?

Yes, it is something else.  The blowfish problem stems from
discovering just a little to late that the blowfish routines, unlike
all the other ciphers, count key length in bytes rather than bits.

--
Dan.