Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Feb 2012 11:47:44 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Drupal 7

On Thu, Feb 09, 2012 at 03:15:46AM +0100, magnum wrote:
> On 01/16/2012 12:12 AM, Solar Designer wrote:
> > Here's one more: Drupal 7 uses a revision of phpass with MD5 replaced
> > with SHA-512 and hashes cut at 258 bits (yes, 258 - that's a multiple of 6).
> > These hash encodings use the $S$ prefix.  Perhaps we should support them.
> 
> I just committed this format. Painfully slow but supports OMP.

Thanks!  Just why is it slower than SHA-crypt-512, though?  (With the
current sets of test vectors.)  Somehow I thought that the latter with
the default of rounds=5000 actually invoked the SHA-512 compression
function about 17,000 times.  So I expected these two to provide very
similar performance.

Benchmarking: Drupal 7 $S$ (SHA-512 x 16385) [64/64]... (8xOMP) DONE
Raw:    738 c/s real, 92.0 c/s virtual

Benchmarking: crypt SHA-512 rounds=5000 [OpenSSL 64/64]... (8xOMP) DONE
Raw:    2112 c/s real, 263 c/s virtual

> I did not bother with verifying the last 2 bits. In fact I suspect the
> current version of binary() does not put them right. But 256 bits ought
> to be enough, yes? And cmp_all() just checks ARCH_SIZE of the binaries,
> I believe that is reasonable.

Sounds fine for now.

> I googled for test hashes and the few I found was used as self-tests.

Great.  BTW, they've since increased the number of iterations even
further: http://drupal.org/node/1203852

Thank you!

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.