From owner-freebsd-current Mon Jun 19 22:59:00 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA26768 for current-outgoing; Mon, 19 Jun 1995 22:59:00 -0700 Received: (from phk@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA26759 ; Mon, 19 Jun 1995 22:58:59 -0700 From: Poul-Henning Kamp Message-Id: <199506200558.WAA26759@freefall.cdrom.com> Subject: Re: Crypto code - an architectural proposal. To: terry@cs.weber.edu (Terry Lambert) Date: Mon, 19 Jun 1995 22:58:59 -0700 (PDT) Cc: mark@grondar.za, wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org In-Reply-To: <9506200541.AA24561@cs.weber.edu> from "Terry Lambert" at Jun 19, 95 11:41:50 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1029 Sender: current-owner@freebsd.org Precedence: bulk > > > There are also some reasons for wishing that the system crypt() were > > > slower as opposed to faster than it is now. > > > > What are they, please? If it is to slow down hack-attacks, then this is > > not really a reason, as a hacker could either bring his own fast crypt(3), > > or we could slow down login(1) etc with sleep(3), giving us the advantage > > with the crack programs. > > I agree that the hack-attack prevention is a poor reason for slowing down > crypt(). The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently slow that brute-force attacks are not fun, and it is frustrated by a millisecond timestamp so dictionary attacks become very bulky. Ten years from now it will probably have to be slowed down again :-( -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ?