Date: Sun, 2 May 1999 18:16:47 +0200 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Mark Murray <mark@grondar.za> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blowfish/Twofish Message-ID: <19990502181647.C32819@bitbox.follo.net> In-Reply-To: <199905021541.RAA02885@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 05:41:47PM %2B0200 References: <21634.925539195@critter.freebsd.dk> <Pine.BSF.3.96.990501150648.2670B-100000@fledge.watson.org> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za> <19990502170929.B32819@bitbox.follo.net> <199905021541.RAA02885@greenpeace.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 02, 1999 at 05:41:47PM +0200, Mark Murray wrote: > Eivind Eklund wrote: > > > _Way_ overkill. A far simpler structure can easily be built by hand. > > > > I do not understand what you mean - elaborate? Dynamically linking in > > a new library if it is present is not very difficult - do you mean > > that OpenSSL has too complicated an API? Or what is it you're trying > > to say? > > Yes. libcrypto from OpenSSL is huge, and is hefty overkill for a > password hashing system. Apart from that, it has a name conflict > with kerberos (which also has a libcrypto). > > A password hashing system just needs a couple (few?) good hashes; > nothing else. The point of this exercise would (IMO, at least) only be OpenBSD compatibility, where OpenBSD for marketeering reasons has decided to use Blowfish as part of their hash algorithm. If people can't migrate their password files, they are much less likely to migrate to FreeBSD, which means we should support their password formats if feasible. As for the libcrypto naming conflict - is the Kerberos libcrypto used by things outside Kerberos, or is it feasible to rename it? When I get around to integrating the signature support into pkg_* (I have code that work in a test environment, but haven't had time to integrate it), we'll need libcrypto from OpenSSL in order to support signatures - and renaming it in the port would IMO be fairly evil. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990502181647.C32819>