Blowfish support in crypt() (glibc) ?

Ryan.Oliver at pha.com.au Ryan.Oliver at pha.com.au
Mon Jun 7 18:20:26 PDT 2004






Ian Molton wrote:
> On Mon, 07 Jun 2004 17:20:44 -0400
> Robert Connolly wrote:
>
> > According to that url md5 should have
> > been abandoned in 1995.
>
> At their current rate, it looks like ~250 machines give a 1 in 50,000
> chance of cracking it in a year.

And if you follow proper password policies and change your passwords
regularly (especially for root)... ;-)

Even so, having the option to use blowfish is a "Good Thing".
Most probably don't need it, but in some circumstances some may.

Like all security you have to choose what you apply where to suit the
individual requirements of your implementation depending on its
exposure.

[R]




More information about the hlfs-dev mailing list