Subject: Re: /etc/passwd.conf
To: None <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 08/05/2003 22:17:11
In message <20030805230630.15C7E13@coconut.itojun.org>, email@example.com write
>>I realize that I can set the defaults to md5, even if the default
>>default changes to blowfish. But given that blowfish is a boutique
>>cipher, I would want to see a strong argument that there is something
>>wrong with the md5 method before changing the default. (Sorry if this
>>has been made and I missed it.)
> please read this.
> Niels Provos and David Mazie`res, "A Future-Adaptable Password Scheme",
> 1999 USENIX Annual Technical Conference
I read it last time this subject came up. I didn't agree with them
then, and I don't agree now.
--Steve Bellovin, http://www.research.att.com/~smb