Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 05/25/2002 12:40:35
In message <20530.1022344434@itojun.org>, itojun@iijlab.net writes:
> before SHA512-based crypt() goes in, i would like to hear opinions
> from Niels Provos, the author of modified-blowfish crypt().
>
>itojun
>
Sure. But send him the complete scheme I outlined -- substituting
SHA512 for MD5 in the current code wouldn't be a useful improvement.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)