This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt

From: Thorsten Kukuk <kukuk at suse dot de>
To: libc-alpha at sourceware dot org
Date: Tue, 20 Jun 2017 13:33:50 +0200
Subject: Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
Authentication-results: sourceware.org; auth=none
References: <79469eab-c809-a5b8-3297-2536320a834d@gmail.com> <28bb99f5-c543-746e-db85-78428c94ae59@redhat.com> <95243f3a-062d-3a84-2e47-7e7f7550523e@gmail.com>

On Thu, Jun 01, Björn Esser wrote:

> Look at OpenBSD, SUSE, OpenWall, etc. still using bcrypt as the default password hashing algorithm.

At least for SUSE this is not correct.
Blowfish is only there for compatibility reasons with existing passwords.
With the default configuration, you cannot even create new passwords with blowfish
since many years.
The last time we discussed the topic with the blowfish author, he was surprised
that there is still somebody using it.

  Thorsten

-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)

Follow-Ups:
- Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
  - From: Björn Esser

References:
- Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
  - From: Florian Weimer
- Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt
  - From: Björn Esser

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]