__           __           __                     
  .-----.--.--.----.|  |.--.--.--|  |.-----.--|  |  .-----.----.-----.
  |  -__|_   _|  __||  ||  |  |  _  ||  -__|  _  |__|  _  |   _|  _  |
  |_____|__.__|____||__||_____|_____||_____|_____|__|_____|__| |___  |
   by daemonx - member of excluded-team                        |_____|
   11th june 2005 - v.1.0
   18th june 2005 - v.2.0
                                     
                                     blowfish


%cat ~/what_is_blowfish
blowfish (cipher) is an encryption algorithm
which is named after the openbsd logo, puffy.
blowfish is a very fast algorithm and was
designed in 1993 by bruce schneier. to date,
only a few security holes are known. all in
all, blowfish is a good encryption algorithm.

%cat ~/advantages
the blowfish algorithm is not patented, that's why it is
used so much. it is much faster than des and idea.
it only needs 16 rounds, and in those it uses only simple
operations and some 32-bit xor operations.

%cat ~/algorithm
blowfish is a block algorithm. the text is
divided into 64-bit blocks. these blocks
are further divided into left and right blocks (each
32 bits). in 16 rounds the single blocks are decrypted.
in addition, blowfish uses one p-box and four s-boxes.
the p-box is used to change the order
of the bits and the s-boxes are for exchanging
the bits. in every round, an item of the left text block
is xored with one item of the p-box. then the
right text block is xored as well. finally, the left
text block is divided into 8-bit blocks, and
the 8-bit blocks are added/xored with the four s-boxes.

+--------+    +--------+    +--------+    +--------+
| 64 bit |    | 64 bit |    | 64 bit |    | 64 bit |
+--------+    +--------+    +--------+    +--------+
    |              |            |              |
    +--------------+            +--------------+
           |                           |
     +------------+              +-------------+
     | left block |              | right block |
     +------------+              +-------------+
        (32 bit)                     (32 bit)

p-box + link-left box + xor-right box = 8 bit block
p-box + link-left box + xor right box = 8 bit block
...
                  
s-box >> choose a 8 bit block
s-box >> choose a 8 bit block
s-box >> choose a 8 bit block
s-box >> choose a 8 bit block

>> add/xor s-box and 8 bit block

%cat ~/best_cryptoanalysis
four rounds of blowfish are susceptible to 
a second-order differential attack (1997);
for a class of weak keys, 14 rounds of
blowfish can be distinguished from a random
permutation (1996).

%cat ~/safe_system-passwd's_with_blowfish
now to the easy part :)
open a terminal and edit the following file:

su-2.05b# vi /etc/login.conf

now scroll down and in the first line you see the algorithm

default:\
        :passwd_format=md5:\

you have to replace the "md5" with "blf" for blowfish.

default:\
        :passwd_format=blf:\

every time you edit login.conf, you have to run
cap_mkdb to rebuild the database file (/etc/login.db).

su-2.05b# cap_mkdb /etc/login.conf

so that's it. if you already created a user, you just have to
check the user database:

su-2.05b# grep -v '*' /etc/master.passwd
root:$1$ywXbyPT/$GC8tXN91c.lsKRpLZori61/:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
daemonx:$1$GFm1nh6I$jh3v4I.QNf450ARgltZU5.0:500:0::0:0:User &:/home/daemonx:/usr/local/bin/bash

so you see we have two active accounts ('cause the password
field is not a * star).

note the $1 at the start of each hash: the $1 stands for
the md5 algorithm. after our little change, we will see
a $2 there. the $2 stands for the blowfish algorithm.

so the last few steps: change the passwd

su-2.05b# passwd root
and
su-2.05b# passwd daemonx

to see if everything is okay, grep -v the /etc/master.passwd again.
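
the check described above as a small script. this is an added example, not part of the original text. it reads master.passwd-style lines, classifies each active account by the $1/$2 prefix and lists the ones that still need a passwd run. the sample accounts and hashes are constructed placeholders, and the function names are made up for this example.

```shell
#!/bin/sh
# added example: audit which accounts still carry a non-blowfish hash
# after switching passwd_format to blf.

# constructed sample data (placeholder hashes, not real ones)
sample_master_passwd() {
cat <<'EOF'
root:$2a$04$CONSTRUCTEDconstructedCONSTRUCTEDconstructed:0:0::0:0:Charlie &:/root:/bin/sh
alice:$1$CONSTRUC$constructedconstructedcon:1001:0::0:0:User &:/home/alice:/bin/sh
bob:$1$CONSTRUC$constructedconstructedcon:1002:0::0:0:User &:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
carol:*LOCKED*$1$CONSTRUC$constructed:1003:0::0:0:User &:/home/carol:/bin/sh
EOF
}

# reads master.passwd lines on stdin, prints "user scheme" per active account
hash_schemes() {
    awk -F: '
        /^#/ || NF < 2       { next }   # comments and malformed lines
        index($2, "*") == 1  { next }   # password field starts with a star
        {
            h = $2
            if (h == "")                       s = "none"   # empty password
            else if (substr(h, 1, 3) == "$1$") s = "md5"
            else if (substr(h, 1, 2) == "$2")  s = "blf"
            else if (substr(h, 1, 1) == "$")   s = "other"
            else                               s = "des"
            print $1, s
        }'
}

# prints the users whose hash is not blowfish yet (passwd <user> still needed)
not_blowfish() {
    hash_schemes | awk '$2 != "blf" { print $1 }'
}

# demo on the constructed sample
sample_master_passwd | hash_schemes
```

on a real system, run it as root with `not_blowfish < /etc/master.passwd`. an empty result means every active account has been rehashed.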

%cat ~/help
man passwd
man adduser
man cap_mkdb
http://www.schneier.com/blowfish.html
http://www.cryptolounge.de.vu/
bsd hacks: 3-89721-339-0
http://de.wikipedia.org/wiki/Blowfish

%cat ~/credits
<daemonx(at)excluded.org>
http://www.excluded.org/