From owner-freebsd-security@FreeBSD.ORG Mon Jun 11 17:15:55 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8CBEB106564A for ; Mon, 11 Jun 2012 17:15:55 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 15F218FC16 for ; Mon, 11 Jun 2012 17:15:54 +0000 (UTC) Received: by eeke49 with SMTP id e49so2225188eek.13 for ; Mon, 11 Jun 2012 10:15:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=Noq6Wz2Vfe8W/jMwRco/P0mis/DweTHw4C71YfNy/i8=; b=h5LOI+Zq7N/w68aapu6qzFZBLybnnAM2fZ7dVHjO6jL8a/tep18TI1KFFky3AhiQ6E 4hzrwqzn48KYALIMxN/X8Gmww//wEC37MvUEVwNyGZ2lkgxgKN7UVfgaUWjXYTc3CS3J se8B0TXf4OUeWhk5/UDRwJKF+FVVfeC+PgpBokHCJMumk/RE+yTeZcInRprm/HbqM0TQ 7K0JNY/OcPbIe2RR3DqFLVhFTx8IVORLxWcjGBCAh6D+jc73OKXxjJM2dvdyKYB1g9CR N+3Tp+0FZeUzlEbjiGJfGD49b7rNk5g0Y62/mXIt9TssWV8xsPXfvOQLdDrdrFDGJteS SmOw== Received: by 10.14.45.12 with SMTP id o12mr2088108eeb.86.1339434953939; Mon, 11 Jun 2012 10:15:53 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id u16sm18732912eeb.16.2012.06.11.10.15.51 (version=SSLv3 cipher=OTHER); Mon, 11 Jun 2012 10:15:52 -0700 (PDT) Date: Mon, 11 Jun 2012 18:15:50 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120611181550.7a42ad66@gumby.homeunix.com> In-Reply-To: <734419687.20120611144402@serebryakov.spb.ru> References: <86r4tqotjo.fsf@ds4.des.no> <6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org> <734419687.20120611144402@serebryakov.spb.ru> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2012 17:15:55 -0000 On Mon, 11 Jun 2012 14:44:02 +0400 Lev Serebryakov wrote: > Hello, Simon. > You wrote 10 èþíÿ 2012 ã., 14:02:50: > > SLBN> Has anyone looked at how long the SHA512 password hashing > SLBN> actually takes on modern computers? > Modern computers are not what should you afraid. Modern GPUs are. > And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2. > > Modern key-derivation schemes must be RAM-heavy, not CPU-heavy. They should be both, the point of scrypt is to optimize for normal ratios of cpu power to memory. > And I don't understand, why should we use our home-grown > "strengthening" algorithms instead of "standard" choices: PBKDF2[1], > bcrypt[2] and (my favorite) scrypt[3]. We already have bcrypt, it's called blowfish. I think what's needed is a self-tuning algorithm that tracks CPU time. IMO geli's PKCS #5 implementation is obsolete because it's based on core time.