Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: Sean Davis <>
From: Lubomir Sedlacik <>
List: current-users
Date: 05/23/2002 15:37:03
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


my $.02

On Thu, May 23, 2002 at 07:42:07AM -0400, Sean Davis wrote:
> On Thu, May 23, 2002 at 07:35:12AM -0400, Steven M. Bellovin wrote:
> > In my opinion, there's no technical reason to do it.  If you want to=20
> > add a new scheme, SHA512 would be a much better choice.  The only=20
> > reason I can see is password file compatibility with OpenBSD.
> That is the main reason it seems like a useful idea to me,
> [...]

well, if someone is going to add new algorithm i am for adding support
for blowfish too, if nothing else just for compatibility with OpenBSD
password files.  SHA512 is ok for me.

> > First, passwords are not "encrypted", they're *hashed*.  That is,=20
> > encryption has the property that it's reversible; one can go from the=
> > ciphertext to the plaintext.  The password scheme is by intent=20
> > irreversible (see the Morris and Thompson paper in the November 1979=20
> > issue of CACM -- which, come to think of it, might be in the=20
> > newly-freed Unix documents) for more details on the design.

this one?

 Password Security:  A Case History Encryption Computing

  Robert Morris
  Ken Thompson

  April 3, 1978


-- Lubomir Sedlacik <>   ASCII Ribbon campaign against  /"\=
--                  <>   e-mail in gratuitous HTML and  \ /=
--                                       Microsoft proprietary formats   X =
-- PGPkey:                                  / \=
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2     =

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (NetBSD)