This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [RFC][PATCH][BZ 2100] blowfish support in libcrypt


On Fri, Sep 8, 2017 at 5:19 PM, Dmitry V. Levin <ldv@altlinux.org> wrote:
> On Tue, Jun 20, 2017 at 02:51:51PM +0300, Dmitry V. Levin wrote:
>> On Tue, Jun 20, 2017 at 01:26:02PM +0200, Thorsten Kukuk wrote:
>> >
>> > And there are today better ciphers. Blowfish is outdated today.
>>
>> Well, bcrypt is not blowfish. :)
>
> I think blanket objections like this don't help to reach a consensus.

This whole discussion has left me very, very confused.  In the larger
community of people hashing passwords (larger than the community of
people using crypt(3) to do it, that is), you can find plenty of
glowing recommendations for bcrypt, e.g.
https://codahale.com/how-to-safely-store-a-password/ and
https://security.stackexchange.com/a/6415 (both from circa 2010,
admittedly). There are newer things out there, like Argon2
(https://password-hashing.net/#argon2) but I haven't heard anyone
saying bcrypt is _broken_.

_Blowfish_, the block cipher, is indeed too weak to use as a
general-purpose symmetric cryptosystem anymore, but only because its
block size is too small, not because the algorithm is bad (AFAIK,
anyway) and as used in bcrypt it's still sound.  It's kinda like how
HMAC-SHA1 is still secure even though SHA1 itself isn't trustworthy
anymore.

Is there some _other_ password hash, confusingly also called "bcrypt",
that is no good anymore?

zw

