From: "Simon L. B. Nielsen"
To: Lev Serebryakov
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org
Date: Mon, 11 Jun 2012 12:51:47 +0100
Subject: Re: Default password hash

On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov wrote:
> Hello, Simon.
> You wrote 10 June 2012, 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
>  Modern computers are not what you should be afraid of. Modern GPUs are.
> And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2.
>
>  Modern key-derivation schemes must be RAM-heavy, not CPU-heavy.

But the modern CPUs will limit the number of rounds you can use for a
hash (if you use the same system as md5crypt), as you can't let users wait
10+ seconds to check their password.

>  And I don't understand why we should use our home-grown
> "strengthening" algorithms instead of "standard" choices: PBKDF2[1],
> bcrypt[2] and (my favorite) scrypt[3].

Recall that FreeBSD's MD5 strengthening probably predates most of the
other systems by a while (I'm too lazy to look it up).

That said, I generally agree we should go with something standard or
existing unless there is a very good reason not to. PBKDF2 / RFC2898 is
what GELI uses (which I mentioned previously).

> [1] http://tools.ietf.org/html/rfc2898
> [2] http://static.usenix.org/events/usenix99/provos/provos_html/node1.html
> [3] http://www.tarsnap.com/scrypt.html

-- 
Simon
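
Added example, not part of the original message or of FreeBSD's code: a Python sketch of the trade-off discussed above, picking a PBKDF2-HMAC-SHA512 (RFC 2898) iteration count from the login delay you are willing to accept on the verifying CPU. The function names and the `iterations$salt$hash` storage format are assumptions made for illustration, not the crypt(3) format; PBKDF2 is CPU-bound, so this does not address the memory-hardness point raised in the quoted text.

```python
import hashlib
import hmac
import os
import time


def calibrate_iterations(target_seconds, probe=20_000, floor=10_000):
    """Estimate the iteration count that costs about target_seconds per
    password check on this machine (hypothetical helper)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"probe-password", b"probe-salt-16byt", probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    # PBKDF2 cost is linear in the iteration count, so scale the probe.
    return max(floor, int(probe * target_seconds / elapsed))


def hash_password(password, iterations, salt=None):
    """Return 'iterations$salt_hex$hash_hex' (constructed format). The
    count is stored with the hash so it can be raised on faster hardware
    without invalidating existing entries."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, encoded):
    """Recompute with the stored salt and count; compare in constant time."""
    iterations, salt_hex, hash_hex = encoded.split("$")
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Two constructed delay budgets: the count grows with the budget, and
    # an attacker's per-guess cost grows by the same factor.
    for budget in (0.05, 0.25):
        n = calibrate_iterations(budget)
        t0 = time.perf_counter()
        entry = hash_password("correct horse", n)
        took = time.perf_counter() - t0
        print(f"budget {budget:.2f}s -> {n} iterations, measured {took:.3f}s")
        assert verify_password("correct horse", entry)
```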