Date: Mon, 11 Jun 2012 18:15:50 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: Default password hash
Message-ID: <20120611181550.7a42ad66@gumby.homeunix.com>
In-Reply-To: <734419687.20120611144402@serebryakov.spb.ru>
References: <86r4tqotjo.fsf@ds4.des.no> <6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org> <734419687.20120611144402@serebryakov.spb.ru>

On Mon, 11 Jun 2012 14:44:02 +0400
Lev Serebryakov wrote:

> Hello, Simon.
> You wrote on 10 June 2012, 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
> Modern computers are not what you should be afraid of. Modern GPUs are.
> And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2.
>
> Modern key-derivation schemes must be RAM-heavy, not CPU-heavy.

They should be both; the point of scrypt is to optimize for normal
ratios of CPU power to memory.

> And I don't understand, why should we use our home-grown
> "strengthening" algorithms instead of "standard" choices: PBKDF2[1],
> bcrypt[2] and (my favorite) scrypt[3].

We already have bcrypt; it's called blowfish.

I think what's needed is a self-tuning algorithm that tracks CPU time.
IMO geli's PKCS #5 implementation is obsolete because it's based on
core time.
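The self-tuning idea raised in the message above, as an added sketch that is not part of the original e-mail and is not FreeBSD or geli code: the PBKDF2 iteration count is calibrated against measured CPU time and stored with each hash, so old records still verify and can be flagged for upgrade. The record layout, function names and the 50 ms target are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2-sha512"  # constructed record label, not a crypt(3) format


def cpu_seconds(iterations, probe=b"calibration-probe", salt=b"\x00" * 16):
    """CPU time (not wall-clock time) used by one PBKDF2-HMAC-SHA512 run."""
    start = time.process_time()
    hashlib.pbkdf2_hmac("sha512", probe, salt, iterations)
    return time.process_time() - start


def calibrate(target_cpu_s=0.05, floor=10_000, probe_iters=20_000):
    """Pick an iteration count costing about target_cpu_s on this machine."""
    # The minimum of several runs filters out scheduler and cache noise.
    best = min(cpu_seconds(probe_iters) for _ in range(3))
    if best <= 0:  # clock too coarse to measure: never go below the floor
        return floor
    return max(floor, int(probe_iters * target_cpu_s / best))


def hash_password(password, iterations):
    """Return a self-describing record: scheme$iterations$salt$hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Verify using the iteration count stored in the record itself."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(record, current_iterations):
    """True when a record was made with a lower cost than today's tuning."""
    return int(record.split("$")[1]) < current_iterations


if __name__ == "__main__":
    n = calibrate()
    rec = hash_password("example passphrase", n)  # constructed sample input
    print(n, verify_password("example passphrase", rec), needs_rehash(rec, n))
```

This tunes CPU cost only; it does nothing for the memory-hardness point made about scrypt in the thread.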