On Mon, Jul 19, 2010 at 09:02:35PM -0400, Ted Unangst wrote:
> On Mon, Jul 19, 2010 at 8:22 PM, Joerg Sonnenberger
> <[email protected]> wrote:
> > On Mon, Jul 19, 2010 at 06:37:21PM -0400, STeve Andre' wrote:
> >> On Monday 19 July 2010 18:26:15 Ted Unangst wrote:
> >> > Free software you can't modify is not free software.
> >
> > Algorithm != implementation (== software).
> >
> >> That's especially galling for software where there are real security
> >> considerations: suppose you find a flaw in the algorithm--you can't
> >> fix it?
> >
> > You mean like Debian fixed the usage of uninitialized variables in
> > OpenSSL? In the cryptographic community the need to "fix" an algorithm
> > is generally considered a good sign to stay away from the algorithm
> > completely. Can you name a case where an algorithm was fixed and the
> > result was actually a stronger algorithm? Avoiding weak keys for example
> > is not a modification of an algorithm, it is just a more specific choice
> > of choosing random keys. I am talking about actually modifying the
> > encryption algorithm.
> >
> > Side note: the complaint is also pointless because a modified algorithm
> > wouldn't be interoperable anyway, making the point moot as well.
> 
> Bullshit.  If blowfish had come with such retarded no-modification
> terms, we wouldn't have the bcrypt password hashing scheme we use
> today.

And where exactly does bcrypt modify the Blowfish algorithm? Of course,
it greatly helps to prove your point that the description of the
algorithm in the source is generic for any ECB algorithm...

Joerg
