Date: Mon, 25 Jun 2012 10:36:00 +0000 From: Aaron Zauner <azet@azet.org> To: freebsd-security@freebsd.org Subject: Fwd: Default password encryption method. Message-ID: <CAN8NK9FQYbpXLP3mB_J91b9AU_n1SVe=qj6gdnJV0z63TOkMiQ@mail.gmail.com> In-Reply-To: <CAN8NK9EzrM-0QE9K=vLyuf7UCh=WKcFZRS8vsnL=cEcrtjeMkQ@mail.gmail.com> References: <CAASvXNt7oT4g9YaNtMyheMkFyb_0ASfD-ErvCfJBRpuPqkrEwQ@mail.gmail.com> <CAJcQMWfrVbDUOp0-Qi48V0kBrwrHx8P98XX7U3NASLY08RKEmA@mail.gmail.com> <CAC8HS2FAzkLiN1Km-hCSWV9wWvm40tmqsA=61NDEA0WnnkswjQ@mail.gmail.com> <CAGDxMR7_wEus5zTpP8PNPkNrouO%2ByFu49J%2B%2BbzPN4ZfEkuhDtA@mail.gmail.com> <CAN8NK9EzrM-0QE9K=vLyuf7UCh=WKcFZRS8vsnL=cEcrtjeMkQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
so what about bcrypt? http://en.wikipedia.org/wiki/Bcrypt On Thu, Jun 21, 2012 at 7:38 PM, Aaron D. Gifford <astounding@gmail.com> wr= ote: > On Tue, Jun 19, 2012 at 12:14 PM, Simon L. B. Nielsen <simon@freebsd.org>= wrote: > ..snip... >> The FreeBSD Security Team is also looking at (/poking people to look at) >> solutions which will improve the the time it takes to brute force passwo= rds >> significantly more. >> >> -- >> Simon > > I'd love to see PBKDF2 as a password hashing method. Yes, it's meant > for deriving key material, but it can function similarly. =C2=A0It has th= e > flexibility of allowing different hashes being used for the HMAC PRNG > portion, and the ability to vary/specify the number of iterations. > No, it's not memory complex like scrypt, but personally I prefer to > not yet have memory usage involved. =C2=A0I could foresee PBKDF-HMAC-SHA5= 12 > or PBKDF-HMAC-SHA256. =C2=A0I would select the quantity of output to matc= h > the hash size selected (i.e. if I use HMAC-SHA512 for the PRNG portion > of PBKDF2, I would have PBKDF2 generate 512 bits of output to store in > my password database). > > PBKDF2(pseudo-random-function, password, salt, iterations, output-size) > > I'd offer HMAC-SHA256 and HMAC-SHA512 initially for the > pseudo-random-function parameter. > > And I'd select output-size as mentioned above, 256 bits for HMAC-SHA256, = etc. > > As for iterations, how hard would it be to allow for more variation in > the base-64 encoded salt field in the master password database such > that for a PBKDF2 scheme, the field used as salt would actually be > three fields, an 4-bit pseudo-random-function selector and a 32-bit > unsigned integer number of iterations (or 36 bits, which base-64 > encoded would be 6 characters) followed by a variable length salt > (i.e. any length permitted by the master password database structure > up to the '$' character delimiter)? > > Or one could simply define separate algorithms for each PRF > (pseudo-random-function) available. > > But, storing the number of iterations with the stored salt has the > benefit of not requiring a new algorithm be defined when one wants to > increase the default security level of hashed passwords. =C2=A0One merely > need to change a system setting to default to use more iterations. > And password databases from other systems with a higher or lower > setting would still be readable and usable. > > Brainstorming session over... for now. > > Aaron out. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN8NK9FQYbpXLP3mB_J91b9AU_n1SVe=qj6gdnJV0z63TOkMiQ>