Re: A question about passwords and login/authentication
From: Scott Gifford (sgifford_at_suspectclass.com)
Date: 03/16/05
- Previous message: Mike Delaney: "Re: A question about passwords and login/authentication"
- In reply to: Steffen Kluge: "Re: A question about passwords and login/authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Steffen Kluge <kluge@fujitsu.com.au> Date: Wed, 16 Mar 2005 12:05:57 -0500
Steffen Kluge <kluge@fujitsu.com.au> writes:
> On Tue, 2005-03-15 at 14:53 +0100, Pavol Luptak wrote:
>> Try blowfish instead MD5
>
> I feel a bit uneasy about using symmetric ciphers (like DES or blowfish)
> for password encryption. I'm not a crypto guy, but doesn't this bring
> about the whole bloody key management can of worms?
Traditional Unix passwords encrypt a constant string using the
password as the key, effectively turning a symmetric cipher into a
one-way hash.
----ScottG.
- Previous message: Mike Delaney: "Re: A question about passwords and login/authentication"
- In reply to: Steffen Kluge: "Re: A question about passwords and login/authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
