blf uses only 2^4 round for passwd encoding?! [Re: Default
password hash]
emu
emu at karma.emu.so
Sun Jun 10 23:28:09 UTC 2012
On 2012-06-10 19:24, RW wrote:
> On Mon, 11 Jun 2012 00:37:30 +0200
> Oliver Pinter wrote:
>
>
>> 16 rounds in 2012? It is not to weak?!
>
> It's hard to say. Remember that blowfish was designed as a cipher not
> a hash. It's designed to be fast, but to still resist known plaintext
> attacks at the beginning of the ciphertext. It was also designed to
> work directly with a passphrase because there was a history of
> programmers abusing DES by using simple ascii passwords as keys.
>
> For these reasons initialization is deliberately expensive,
> effectively it already contains an element of passphrase hashing.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
how long are we going to go on about this
More information about the freebsd-security
mailing list