Re: blow fish
I think Mark Murray is still sitting on the patch I did for this very thing. Check the -hackers mail archives. It was about 2-3 Months ago, so it may not even patch cleanly anymore against -CURRENT. I committed this today! Apologies for the delay. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
-BEGIN PGP SIGNED MESSAGE- On Fri, 2 Mar 2001, Paul Herman wrote: but this has got to be the 3rd or 4th time somebody has asked for it. sorry I didn't know :o( Vojislav Milunovic [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQEVAwUBOqCxLi3gPLld8IkLAQE+3QgAhGJdUuPROmUgrS8cHA2WieQlq/RYzYlV t9nqMFNPT/V5xC8jKhjLgDTnCoQSJyVhKGtZbx/eiMEniykMXT7Ct2oqTwuW+62M rO4Vgc7IQq4UFhGtZBhUtUd6lpuk9w9FByo/Toc+phzMNyw8K4yMnK4+612harbN dPjiZtTrtR8v8liKQIxBNJhC/FyoYTMPgbAAK8igWuZFeLmFEnetalckbEq3qVvQ 4S7ahMTvt4FRoGtJto8Zsld+KdIirW41kJVRP8JV2oVjqAS9onVfEaquqyOoRW5R Xc9ZXRafFviioQdmWARBoj4yGKjrp+aXrGF0U2jGLSo+/vuHdyPvCg== =qheC -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
blow fish
-BEGIN PGP SIGNED MESSAGE- Does anybody have blow fish for FreeBSD or know wehere to find it? I just want to change password encription from MD5 to blow fish:o) Vojislav Milunovic [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQEVAwUBOp+QqC3gPLld8IkLAQEYoAf7B03lKgYhL1ClCKPIJphHqYrIjfs+SYpJ 0FJxkVK23azHyioDVXwSUH5i6C7GMkmFsiuW+xcNNrwY91IRBmJr7iwfJgdZovT2 8GJxxb0z9ByV5CtWGSYdoFF91grgsduaBFMXGOmFTjL5BDD9sA19SP5cppqB0i1k 7d0/fDrg8Pja7DBFYMOoZ51POBn9upvp0XecIoMkxk13axRE/JU/2Ugi/eEPvkoF jdaEqrPzjfjjC1qENhzSk2An6SIY640njyj0iJocgOj/Qa1fMvpPH72quw8vQkw2 icAasJU82JhiAUNHdKe87KnDUM/3vpyJfzG6cMBFhT3AqMWzzDUy5Q== =aNKQ -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
On Fri, Mar 02, 2001 at 01:23:01PM +0100, milunovic wrote: Does anybody have blow fish for FreeBSD or know wehere to find it? I just want to change password encription from MD5 to blow fish:o) A little question: why? MD5 seems to be secure enough. Other than that, look at the security/libmcrypt port, it has Blowfish as an available encryption algorithm. It's not in a usable form for password encryption, though; you need to pull out the guts of the encryption function and build your own crypt() function. G'luck, Peter -- If wishes were fishes, the antecedent of this conditional would be true. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
On Fri, Mar 02, 2001 at 02:26:03PM +0200, Peter Pentchev wrote: On Fri, Mar 02, 2001 at 01:23:01PM +0100, milunovic wrote: Does anybody have blow fish for FreeBSD or know wehere to find it? I just want to change password encription from MD5 to blow fish:o) A little question: why? MD5 seems to be secure enough. Other than that, look at the security/libmcrypt port, it has Blowfish as an available encryption algorithm. It's not in a usable form for password encryption, though; you need to pull out the guts of the encryption function and build your own crypt() function. Come to think of it, there's nothing that would prevent security/libmcrypt to be part of the authentication process (not crypt(), though). Is there something inherently flawed in the idea of a PAM module using libs which do not live in /usr, but in /usr/local? G'luck, Peter -- If I had finished this sentence, To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
-BEGIN PGP SIGNED MESSAGE- On Fri, 2 Mar 2001, Peter Pentchev wrote: A little question: why? MD5 seems to be secure enough. Just to try it:o) Vojislav Milunovic [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQEVAwUBOp+XMy3gPLld8IkLAQGGwgf6A3vwNZt14RitgklZG6GCCZCVoO18PZbX TRzwnOf25wD0noHcoSknwbVJ8T+A0/DMMUoMhIMjJ9vElXDXVIML92N46WICbYBj tZX1Ofb34jg/f5mK+eXqKagjqFUge8FVTzqfOeqp7Kkh40IwRGG96eWgJdzvI3e8 Ablcyr8hFC1ouXDLBfu3/hj5zBWx38VsabBgrMvMTwyPkGqsID5IBWH6X4k6odO5 sp1nCfOjZA8d4/yl1gofSSKmX2sAdUGE//RJJlAVBhDrCYR6AGHdlwF6Sn5fywdt NFgISDlJiCMRBjHXoIqRhdEIgkQudgyxUYCvWXA/JeU2a0u3sL1t5g== =DELV -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
On Fri, 2 Mar 2001, milunovic wrote: Does anybody have blow fish for FreeBSD or know wehere to find it? I just want to change password encription from MD5 to blow fish:o) I think Mark Murray is still sitting on the patch I did for this very thing. Check the -hackers mail archives. It was about 2-3 Months ago, so it may not even patch cleanly anymore against -CURRENT. As for why, I can only think of two reasons. One, the geek factor (it has an iteration parameter built into the hash to "increase" security on the fly, it's pretty trick), but mostly two, for people using NIS between OpenBSD and FreeBSD boxen. I don't use it (it was just a fun little hacking project), so I personally don't care if it gets worked into the tree, but this has got to be the 3rd or 4th time somebody has asked for it. -Paul. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: blow fish
On Fri, Mar 02, 2001 at 02:31:41PM +0200, Peter Pentchev wrote: On Fri, Mar 02, 2001 at 02:26:03PM +0200, Peter Pentchev wrote: On Fri, Mar 02, 2001 at 01:23:01PM +0100, milunovic wrote: Does anybody have blow fish for FreeBSD or know wehere to find it? I just want to change password encription from MD5 to blow fish:o) A little question: why? MD5 seems to be secure enough. Other than that, look at the security/libmcrypt port, it has Blowfish as an available encryption algorithm. It's not in a usable form for password encryption, though; you need to pull out the guts of the encryption function and build your own crypt() function. Come to think of it, there's nothing that would prevent security/libmcrypt to be part of the authentication process (not crypt(), though). Is there something inherently flawed in the idea of a PAM module using libs which do not live in /usr, but in /usr/local? Why not just use OpenSSL which also includes this algorithm? You'd still need to build it into a crypt() function, and the correct location and layering for that to take place is in libcrypt, not PAM. Kris PGP signature
