Re: A question about passwords and login/authentication

From: Scott Gifford (
Date: 03/16/05

  • Next message: abend: "Apache+PHP+ftp security"
    To: Steffen Kluge <>
    Date: Wed, 16 Mar 2005 12:05:57 -0500

    Steffen Kluge <> writes:

    > On Tue, 2005-03-15 at 14:53 +0100, Pavol Luptak wrote:
    >> Try blowfish instead MD5
    > I feel a bit uneasy about using symmetric ciphers (like DES or blowfish)
    > for password encryption. I'm not a crypto guy, but doesn't this bring
    > about the whole bloody key management can of worms?

    Traditional Unix passwords encrypt a constant string using the
    password as the key, effectively turning a symmetric cipher into a
    one-way hash.


  • Next message: abend: "Apache+PHP+ftp security"