On Mon, 11 Jun 2012 00:37:30 +0200 Oliver Pinter wrote:
> 16 rounds in 2012? It is not to weak?! It's hard to say. Remember that blowfish was designed as a cipher not a hash. It's designed to be fast, but to still resist known plaintext attacks at the beginning of the ciphertext. It was also designed to work directly with a passphrase because there was a history of programmers abusing DES by using simple ascii passwords as keys. For these reasons initialization is deliberately expensive, effectively it already contains an element of passphrase hashing. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
