Date: Mon, 19 Jun 1995 22:58:59 -0700 (PDT) From: Poul-Henning Kamp <phk> To: terry@cs.weber.edu (Terry Lambert) Cc: mark@grondar.za, wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Message-ID: <199506200558.WAA26759@freefall.cdrom.com> In-Reply-To: <9506200541.AA24561@cs.weber.edu> from "Terry Lambert" at Jun 19, 95 11:41:50 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > > There are also some reasons for wishing that the system crypt() were > > > slower as opposed to faster than it is now. > > > > What are they, please? If it is to slow down hack-attacks, then this is > > not really a reason, as a hacker could either bring his own fast crypt(3), > > or we could slow down login(1) etc with sleep(3), giving us the advantage > > with the crack programs. > > I agree that the hack-attack prevention is a poor reason for slowing down > crypt(). The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently slow that brute-force attacks are not fun, and it is frustrated by a millisecond timestamp so dictionary attacks become very bulky. Ten years from now it will probably have to be slowed down again :-( -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506200558.WAA26759>