From owner-freebsd-security@FreeBSD.ORG  Sun Jun 10 20:13:51 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 93E291065673
	for <freebsd-security@freebsd.org>;
	Sun, 10 Jun 2012 20:13:51 +0000 (UTC)
	(envelope-from piechota@argolis.org)
Received: from vms173013pub.verizon.net (vms173013pub.verizon.net
	[206.46.173.13])
	by mx1.freebsd.org (Postfix) with ESMTP id 726AB8FC26
	for <freebsd-security@freebsd.org>;
	Sun, 10 Jun 2012 20:13:51 +0000 (UTC)
Received: from [192.168.1.4] ([unknown] [98.114.37.117])
	by vms173013.mailsrvcs.net
	(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16
	2009)) with ESMTPA id <0M5F00MSS1ED0J82@vms173013.mailsrvcs.net> for
	freebsd-security@freebsd.org; Sun, 10 Jun 2012 14:13:25 -0500 (CDT)
Message-id: <4FD4F1D5.9090900@argolis.org>
Date: Sun, 10 Jun 2012 15:13:25 -0400
From: Matt Piechota <piechota@argolis.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430
	Thunderbird/12.0.1
MIME-version: 1.0
To: freebsd-security@freebsd.org
References: <86r4tqotjo.fsf@ds4.des.no>
	<6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org>
In-reply-to: <6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit
Subject: Re: Default password hash
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jun 2012 20:13:51 -0000

On 06/10/2012 06:02 AM, Simon L. B. Nielsen wrote:
> Has anyone looked at how long the SHA512 password hashing actually 
> takes on modern computers? The "real" solution for people who care 
> significantly about this seems something like the algorithm pjd 
> implemented (I think he did it at least) for GELI, where the number of 
> rounds is variable and calculated so it takes X/0.X seconds on the 
> specific hardware used. That's of course a lot more complicated, and 
> I'm not sure if it would work with the crypt() API. 

I'm kinda curious about this: I take it you'd encode the number of 
rounds in the string somehow? Otherwise, the hash wouldn't be portable 
to another machine (or even if you upgrade the current machine).

-- 
Matt Piechota