Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <>
From: Steven M. Bellovin <>
List: current-users
Date: 05/23/2002 23:22:51
In message <>, Thor Lancelot Simon writes:
>On Thu, May 23, 2002 at 08:28:28PM -0400, Sean Davis wrote:
>> On Fri, May 24, 2002 at 08:23:12AM +0900, wrote:
>> > 	hmm.  i see.  we should implement $2$ as openbsd does (there's no need
>> > 	to be different), and the above algorithm can become $3$.
>> Sounds good to me. I could have $3$ done and (hopefully :) cleanly implement
>> in not too long, the only thing right now that I'm unsure about is how to ha
>> the salt argument to crypt. Obviously make it use the SHA512 hash if it star
>> with with $3$, but then what? just hash it in the same manner that digest us
>> to hash multiple lines? (SHA512_Update(passwordtext) then SHA512_Update(salt
>> or vice versa?)
>Uh, Steve already told you how: you use the salt as the key for HMAC_SHA512.
One other point I should mention:  the code fragment I sketched had an 
optional site-specific field.  Today's algorithm encrypts a constant 
block, which makes hashed passwords portable.  That isn't necessarily 
an advantage, since it lets an attacker combine password files from 
multiple sites for a single cracking run.  The variant allows site 
administrators to change that.

Where to store this string is an open issue.

		--Steve Bellovin, (me) ("Firewalls" book)
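
The site-specific field discussed in this message, as an added example that is not code from the thread or from NetBSD: a hypothetical `$3$` hash computed as HMAC-SHA512 keyed with the salt, with an optional site string mixed into the input. The input layout (site string, NUL, password), the `$3$salt$base64` output format, the helper names and the sample data are assumptions.

```python
import base64
import hashlib
import hmac

def crypt3(password: str, salt: str, site: str = "") -> str:
    """Hypothetical $3$ hash: HMAC-SHA512 with the salt as the HMAC key."""
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    # Assumed layout: site string, NUL separator, password. An empty site
    # string plays the role of today's constant block (portable hashes).
    msg = site.encode() + b"\x00" + password.encode()
    digest = hmac.new(salt.encode(), msg, hashlib.sha512).digest()
    return "$3$" + salt + "$" + base64.b64encode(digest).decode()

def verify(password: str, stored: str, site: str = "") -> bool:
    """Recompute the hash with the salt taken from the stored string."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "3":
        return False
    return hmac.compare_digest(crypt3(password, parts[2], site), stored)

def matches(stored_hashes, wordlist, site=""):
    """Count entries that one wordlist pass, computed for `site`, matches."""
    return sum(any(verify(w, h, site) for w in wordlist) for h in stored_hashes)

# Constructed sample data: password files from two sites.
WORDLIST = ["letmein", "hunter2"]
PORTABLE = [crypt3("letmein", "ab"), crypt3("hunter2", "cd")]  # no site field
SITE_A = [crypt3("letmein", "ab", "site-a.example")]
SITE_B = [crypt3("hunter2", "cd", "site-b.example")]

if __name__ == "__main__":
    # Portable hashes: one pass over the merged files matches both entries.
    print("portable, merged files:", matches(PORTABLE, WORDLIST))
    # Site-specific hashes: a pass computed without the site string matches
    # nothing, and a pass computed for site A matches only site A's entry.
    print("site field, no site string:", matches(SITE_A + SITE_B, WORDLIST))
    print("site field, pass for site A:",
          matches(SITE_A + SITE_B, WORDLIST, "site-a.example"))
```

The example does not settle where the site string is stored, which the message leaves open; here it is simply passed in by the caller.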