Date: Thu, 9 Feb 2012 11:47:44 +0400 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Drupal 7 On Thu, Feb 09, 2012 at 03:15:46AM +0100, magnum wrote: > On 01/16/2012 12:12 AM, Solar Designer wrote: > > Here's one more: Drupal 7 uses a revision of phpass with MD5 replaced > > with SHA-512 and hashes cut at 258 bits (yes, 258 - that's a multiple of 6). > > These hash encodings use the $S$ prefix. Perhaps we should support them. > > I just committed this format. Painfully slow but supports OMP. Thanks! Just why is it slower than SHA-crypt-512, though? (With the current sets of test vectors.) Somehow I thought that the latter with the default of rounds=5000 actually invoked the SHA-512 compression function about 17,000 times. So I expected these two to provide very similar performance. Benchmarking: Drupal 7 $S$ (SHA-512 x 16385) [64/64]... (8xOMP) DONE Raw: 738 c/s real, 92.0 c/s virtual Benchmarking: crypt SHA-512 rounds=5000 [OpenSSL 64/64]... (8xOMP) DONE Raw: 2112 c/s real, 263 c/s virtual > I did not bother with verifying the last 2 bits. In fact I suspect the > current version of binary() does not put them right. But 256 bits ought > to be enough, yes? And cmp_all() just checks ARCH_SIZE of the binaries, > I believe that is reasonable. Sounds fine for now. > I googled for test hashes and the few I found was used as self-tests. Great. BTW, they've since increased the number of iterations even further: http://drupal.org/node/1203852 Thank you! Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.