Blowfish support in crypt() (glibc) ?

Bennett Todd bet at
Tue Jun 8 06:45:50 PDT 2004

2004-06-08T02:52:03 Rogelio Serrano:
> dictionary attacks against md5 is very easy and fast.

The MD5 implementation used in passwd goes to some effort to
suppress that; it does a thousand md5 inits (the slow part of the
algorithm), mixing the hash different ways after each one.

Once that gets too slow, just increase that number and use a new
magic for the new varient.

> unless all users use random numbers for passwords, md5 will be a
> weak password hash.

Is that a theoretical claim based on the belief that MD5 crypt(3) is
doing a single, simple MD5 hash of the password?

> i am using blowfish in my system and it has a large number of
> rounds that it takes 3 seconds to compute the password hash.

I think it would be more secure to increase the number of iterations
if you want to slow it down, and switch to SHA1 if you want more
than 128 bits, rather than going to a homebrew hash built on an
algorithm that was designed as a cypher.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the hlfs-dev mailing list