Subject: Re: /etc/passwd.conf
To: None <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 08/05/2003 22:17:11
In message <20030805230630.15C7E13@coconut.itojun.org>, itojun@iijlab.net writes:

>
>>I realize that I can set the defaults to md5, even if the default
>>default changes to blowfish.  But given that blowfish is a boutique
>>cipher, I would want to see a strong argument that there is something
>>wrong with the md5 method before changing the default.  (Sorry if this
>>has been made and I missed it.)
>
>	please read this.
>	http://www.usenix.org/events/usenix99/provos/provos_html/
>	Niels Provos and David Mazières, "A Future-Adaptable Password Scheme",
>	1999 USENIX Annual Technical Conference
>

I read it last time this subject came up.  I didn't agree with them 
then, and I don't agree now.


		--Steve Bellovin, http://www.research.att.com/~smb