On Fri, 30 Dec 2005, Travers Buda wrote:

> On Friday 30 December 2005 00:08, Damien Miller wrote:
> > On Thu, 29 Dec 2005, Travers Buda wrote:
> > > The key schedule in both is _much_ faster than Blowfish.
> >
> > That is not a feature, at least not in the contexts where we use
> > blowfish most.
>
> Yes, I realize that. I did not say fast key schedules are desirable.
> You're jumping the gun.
>
> > guess what? We have used long salts with Blowfish passwords since at
> > least 1999.
>
> I was unaware of this. I shall read that paper before I continue
> replying.
>
> > If there is a use of Blowfish in OpenBSD that you think is
> > inappropriate then please send diffs.
>
> I'm not concerned with the use of Blowfish in the password file, rather
> I think it's the best choice. What I think is irrelevant here
> really--the facts speak for themselves.
>
> What I'm concerned about is the use of Blowfish in vm.swapencrypt.enable
> and vnconfig -k. Just because its use in the password file is genius,
> does not necessarily mean it would make for the best option elsewhere.

Swapencrypt uses AES. Check /usr/src/sys/uvm/uvm_swap_encrypt.c

>
> What I'm worried about is that several devs implemented this fantastic
> password file scheme, then perhaps (no accusations yet) got deluded
> that Blowfish is the greatest thing since sliced bread and decided it's
> fit for everything--including their laundry.

If you do not trust us, why use OpenBSD?

>
> > If there is a use of Blowfish in OpenBSD that you think is
> > inappropriate then please send diffs.
>
> I am in the process of learning various languages, starting with C.
> (Crypto still affects everyone--including those who don't program or
> are cryptographers.) I also would hope that things would be evaluated
> for problems before solutions are applied.
>
> I'm just looking for some reassurances, Mr. Miller. Docs are preferable,
> unfortunately the informative link you sent me earlier does not cover
> the use of Blowfish elsewhere in OpenBSD. That's what I've been looking
> for; I had to turn here since I could not find such info.
>
> I also knew I'd get lambasted on misc since the prospect of a lack of
> documentation of OpenBSD is preposterous.
>

-Otto