For anyone who missed http://it.slashdot.org/story/11/06/20/2257229/13-Year-Old-Password-Security-Bug-Fixed?utm_source=rss1.0&utm_medium=feed
There is a bug in many implementations of blowfish for hashing 8 bit characters (for example, in passwords), due to the usage of char instead of unsigned char. It's going to take a while to identify all of the places where blowfish has been used with the incorrect code, and fixed. Regards, Dave Hodgins
