Blowfish support in crypt() (glibc) ?

Bennett Todd bet at rahul.net
Tue Jun 8 06:37:58 PDT 2004


2004-06-07T21:20:44 Robert Connolly:
> "The problem of attacking MD5 is no longer a theoretical matter -
> it is a business proposition."
> http://www.md5crk.com/

That's trying to brute-force finding any possible collision, not
finding a collision with a single hash.

> It is more likely that 2 (and more) different passwords produce
> the same hash using md5 than when using blowfish.

The only way blowfish could be better is if you had more than 128
bits in your blowfish cypher-as-hash construction. This has nothing
to do with the strength of the algorithm, only the size of the hash.
If you want more than 128 bits, the cryptographic recommendation is
to use SHA1. 160 bits is plenty for this application; the birthday
paradox doesn't apply in any interesting way. In either case, you
have to iterate it, not to gain any cryptographic strength but just
to slow down dictionary attacks.

> According to that url md5 should have been abandoned in 1995.

Care must be taken with its use; in applications where a dictionary
attack applies MD5 isn't quite up to modern needs.

> We could also use sha1, but since blowfish is harder to crack,
> sha1 can just be skipped.

Blowfish is a different category of algorithm; it's a block cypher.
Block cyphers can be used to construct cryptographic hashes, and
cryptographic hashes can be used to construct cyphers, but that's
not what they're designed for.

> A dictionary attack depends directly on the password used and that
> attack would be equally successful with any algorithm, excluding
> cpu time.

Indeed, controlling CPU time requirements is common across all
implementation choices (that's why classic crypt(3) iterated DES so
many times).

> The blowfish algorithm protects against a different style of
> attack directed against the mathematics of the hash.

Could you please expand on that statement? You're using blowfish to
construct a cryptographic hash; I've not heard any explanation of
what's wrong with SHA1 as a cryptographic hash, that this ad-hoc
blowfish construction could improve on.

-Bennett
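The iterate-to-slow-guessing point made in the reply above, as an added example that is not part of the thread: a salted, iterated SHA-1 password hash whose `$ex1$` record format is invented here for illustration, with a timer showing that the round count is a linear multiplier on the cost of every guess and nothing more.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Added illustration, not code from the thread: the "$ex1$" record layout is a
# constructed format chosen so the stored hash carries its own salt and rounds.

def iterated_sha1(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Chain SHA-1 `rounds` times over salt+password. The salt defeats
    precomputed tables; the chaining only multiplies work per guess."""
    digest = hashlib.sha1(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(digest + salt + password).digest()
    return digest

def make_hash(password: str, rounds: int = 20000, salt: Optional[bytes] = None) -> str:
    """Self-describing record: $ex1$<rounds>$<salt hex>$<digest hex>."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per stored password
    digest = iterated_sha1(password.encode(), salt, rounds)
    return f"$ex1${rounds}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record; compare in
    constant time so the check leaks nothing about how many bytes matched."""
    _, tag, rounds, salt_hex, digest_hex = record.split("$")
    if tag != "ex1":
        raise ValueError("unknown hash format")
    got = iterated_sha1(password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(got, bytes.fromhex(digest_hex))

def seconds_per_guess(rounds: int, samples: int = 5) -> float:
    """Wall-clock cost of one verification, i.e. the price of one
    dictionary word; use it to size `rounds` for a login deployment."""
    salt = bytes(16)                   # fixed salt: only the cost matters here
    start = time.perf_counter()
    for _ in range(samples):
        iterated_sha1(b"benchmark", salt, rounds)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    rec = make_hash("correct horse")
    print(rec)
    print(verify("correct horse", rec), verify("wrong", rec))
    for r in (1, 1000, 100000):
        print(f"{r:>7} rounds: {seconds_per_guess(r) * 1e6:9.1f} us per guess")
```

Raising `rounds` tenfold raises the attacker's per-guess cost tenfold and the legitimate login's cost by exactly the same factor, which is why the round count has to be re-tuned as hardware gets faster.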