Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <>
From: David Laight <>
List: current-users
Date: 05/25/2002 22:11:16
> So, as I said before:  Blowfish isn't a bad way to hash passwords; it's 
> simply not designed for that purpose.

From "Applied Cryptography" by Bruce Schneier, 2nd Ed page 336:

"Blowfish is an algorithm of my own design, ... Blowfish is
not suitable for applications such as ..., or as a one way
hash function."


David Laight: