blf uses only 2^4 round for passwd encoding?! [Re: Default password hash]

Mike Andrews mandrews at bit0.com
Mon Jun 11 21:36:18 UTC 2012


On 6/10/12 8:03 PM, Oliver Pinter wrote:
> On 6/11/12, RW<rwmaillists at googlemail.com>  wrote:
>> On Mon, 11 Jun 2012 00:37:30 +0200
>> Oliver Pinter wrote:
>>
>>> 16 rounds in 2012? Is it not too weak?!
>> It's hard to say. Remember that blowfish was designed as a cipher not
>> a hash. It's designed to be fast, but to still resist known plaintext
>> attacks at the beginning of the ciphertext. It was also designed to
>> work directly with a passphrase because there was a history of
>> programmers abusing DES by using simple ASCII passwords as keys.
>>
>> For these reasons initialization is deliberately expensive,
>> effectively it already contains an element of passphrase hashing.
> Yes, I know that Blowfish is a cipher and not a hash, but I think 16
> rounds today is too small. I checked this in a freshly installed
> OpenBSD, and they used 256 rounds ($2a$08$...).
>
In OpenBSD, I think the number of Blowfish rounds is configurable via
login.conf.  I'd think that'd be an easy change to bring over...
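As an added example (not code from the thread, FreeBSD or OpenBSD), a small Python audit that reads the cost factor out of the $2a$NN$ prefix of a stored bcrypt hash, where NN means 2^NN rounds (so $2a$04$ is 16 rounds and $2a$08$ is 256), and flags accounts hashed below a chosen minimum cost; the master.passwd-style lines and the salt/hash body are constructed.

```python
import re

# Added example, not code from the thread. A bcrypt hash string looks like
# $2a$NN$<22-char salt><31-char hash>; NN is the cost factor and the key
# setup runs 2**NN times, so "$2a$04$" means 16 rounds and "$2a$08$" 256.
BCRYPT_RE = re.compile(
    r"^\$2[abxy]?\$(?P<cost>\d{2})\$(?P<salt_hash>[./A-Za-z0-9]{53})$"
)
MIN_COST, MAX_COST = 4, 31  # cost range the bcrypt algorithm accepts

# Constructed sample: a 53-character salt+hash body of valid characters.
SAMPLE_BODY = "abcdefghijklmnopqrstuv" + "wxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0"
# Constructed master.passwd-style lines (user:hash:uid:gid:...).
SAMPLE_PASSWD = [
    "alice:$2a$04$" + SAMPLE_BODY + ":1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$2a$08$" + SAMPLE_BODY + ":1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:$6$c0nstructed$notabcrypthash:1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
]


def bcrypt_cost(hash_str):
    """Cost factor encoded in a bcrypt hash, or None if it is not a
    well-formed bcrypt hash (wrong prefix, wrong length, cost out of range)."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        return None
    cost = int(m.group("cost"))
    return cost if MIN_COST <= cost <= MAX_COST else None


def bcrypt_rounds(hash_str):
    """Expensive key-setup rounds implied by the hash: 2**cost."""
    cost = bcrypt_cost(hash_str)
    return None if cost is None else 2 ** cost


def audit_passwd(lines, min_cost):
    """Return (weak, not_bcrypt): users whose bcrypt cost is below min_cost
    as (user, cost) pairs, and users whose hash field is not bcrypt at all
    (locked accounts, other crypt formats) for separate review."""
    weak, not_bcrypt = [], []
    for line in lines:
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line; nothing to audit
        user, hash_field = fields[0], fields[1]
        cost = bcrypt_cost(hash_field)
        if cost is None:
            not_bcrypt.append(user)
        elif cost < min_cost:
            weak.append((user, cost))
    return weak, not_bcrypt


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD, 8))  # ([('alice', 4)], ['carol', 'daemon'])
```

Raising the cost in login.conf only affects passwords set afterwards, so an audit like this is how you find the accounts still sitting on the old, cheaper setting.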



More information about the freebsd-security mailing list