Subject: Re: /etc/passwd.conf
To: None <>
From: Steven M. Bellovin <>
List: tech-security
Date: 08/05/2003 22:17:11
In message <>, write

>>I realize that I can set the defaults to md5, even if the default
>>default changes to blowfish.  But given that blowfish is a boutique
>>cipher, I would want to see a strong argument that there is something
>>wrong with the md5 method before changing the default.  (Sorry if this
>>has been made and I missed it.)
>	please read this.
>	Niels Provos and David Mazie`res, "A Future-Adaptable Password Scheme",
>	1999 USENIX Annual Technical Conference

I read it last time this subject came up.  I didn't agree with them 
then, and I don't agree now.

		--Steve Bellovin,