Re: blf uses only 2^4 round for passwd encoding?! [Re: Default
On 2012-06-10 19:24, RW wrote:
> On Mon, 11 Jun 2012 00:37:30 +0200
> Oliver Pinter wrote:
>
>
>> 16 rounds in 2012? It is not to weak?!
>
> It's hard to say. Remember that blowfish was designed as a cipher not
> a hash. It's designed to be fast, but to still resist known plaintext
> attacks at the beginning of the ciphertext. It was also designed to
> work directly with a passphrase because there was a history of
> programmers abusing DES by using simple ascii passwords as keys.
>
> For these reasons initialization is deliberately expensive,
> effectively it already contains an element of passphrase hashing.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
how long are we going to go on about this
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 5 篇):