Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <current-users@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: current-users
Date: 05/25/2002 22:11:16
>
> So, as I said before: Blowfish isn't a bad way to hash passwords; it's
> simply not designed for that purpose.
From "Applied Cryptography" by Bruce Schneier, 2nd Ed page 336:
"Blowfish is an algorithm of my own design, ... Blowfish is
not suitable for applications such as ..., or as a one way
hash function."
David
--
David Laight: david@l8s.co.uk