This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt

Am 01.06.2017 um 11:23 schrieb Florian Weimer:
On 05/31/2017 07:33 PM, Björn Esser wrote:
+Solar Designer <solar at>
I think we generally prefer patch submission from the original author or
copyright holder.

Are the crypt_gensalt functions strongly related to Blowfish support?
In any case, they need documentation, and I'm not sure if the interfaces
are properly designed (haven't looked in detail, admittedly).

The FIPS changes in the patch appear to be incorrect.  Surely Blowfish
should be disabled in FIPS mode, too.

I'll change this in the next version of this patch.

The other question is why we should add Blowfish support when the cipher
is pretty much on everyone's banned list.

Well, it depends on it's use case. If we're talking about encrypting large data streams then it's to be considered deprecated or vulnerable (SWEET32); talking about password hashing it still offers some advantages over other algorithms (brute forcing takes unlikely much more time on bcrypt hashed passwords) and excellent security. Look at OpenBSD, SUSE, OpenWall, etc. still using bcrypt as the default password hashing algorithm.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]