Menu
According to the crypt(3) manual, Blowfish (indicated by the $2a$ prefix) is one of the supported cypher methods:
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
However the part saying Blowfish (not in mainline glibc; added in some Linux distributions) is confusing and underdocumented, so I have a few questions.
First of all, if "mainline" glibc does not support Blowfish, then which glibc does? Ubuntu 14.04 uses glibc 2.19, packaged in libc6 / libc6-dev packages. Assuming this is the "mainline" glibc, then Blowfish is not supported. Apparently there is a patch called crypt_blowfish adding Blowfish support to glibc. Why is it not enabled by default in Ubuntu? And last but not least, what is the easiest way to make the C crypt() function in Ubuntu understand Blowfish hashes?
419
A: Include the library file, instanciate the Blowfish class with your secret key, then call the method Encrypt or Decrypt. require_once (t3lib_extMgm::extPath ('crypt_blowfish').'lib/class.tx_cryptblowfish.php');
Blowfish Algorithm with Examples. Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to DES Encryption Technique. It is significantly faster than DES and provides a good encryption rate with no effective cryptanalysis technique found to date. It is one of the first, secure block cyphers not subject ...
It is faster and much better than DES Encryption. Blowfish uses a 64-bit block size which makes it vulnerable to birthday attacks. A reduced round variant of blowfish is known to be susceptible to known plain text attacks ( 2nd order differential attacks – 4 rounds).
Rounds: The decryption also consists of 16 rounds with each round (Ri) (as explained above) taking inputs the cipherText (C.T.) from previous round and corresponding subkey (P [17-i]) (i.e for decryption the subkeys are used in reverse). Blowfish is a fast block cipher except when changing keys.
First of all, if "mainline" glibc does not support Blowfish, then which glibc does?
Built by distributions listed at openwall page, e.g. ALT Linux and SUSE. If it's interesting for you, why it is not in mainline, you can read Ulrich Drepper's article.
Why is it not enabled by default in Ubuntu?
This matter was discussed here: LP#1349252.
And last but not least, what is the easiest way to make the C crypt() function in Ubuntu understand Blowfish hashes?
Probably, there is no way to make it without building your own glibc package.
129
answered Sep 21 '22 21:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
