On Tue, Sep 13, 2011 at 6:49 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar <p.mru...@gmail.com> wrote: >> I have a use case for one of the product that I work on. I need to know if >> the passwords on the unix machines are weak. >> The passwords are hashed using blowfish algorithm. I shall be doing >> dictionary encryption using blowfish API to find the weak passwords. >> >> I am using openssl/blowfish for this matter. >> So, I have already generated hash from Unix machine and i need to hash the >> words from dictionary to match them. > It would probably be easier to use John the Ripper. Solar Designer > recently updated to include code to check for an implementation bug in > BlowFish (in case the password was hashed with the defective > implementation). See > http://lists.randombit.net/pipermail/cryptography/2011-July/001115.html. Just to be clear: the bug was not with Schneier's reference implementation. It was in another implementation.
Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
