Date: Sat, 9 Feb 2013 05:11:05 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: SSHA-512 supported? On Fri, Feb 08, 2013 at 07:56:19PM -0500, Jon Schipp wrote: > Lines further down in the config describe the blowfish count: > "The default hashing iterations is 2^cost. The valid value of cost is > an integer between 4 and 31, inclusive. The default cost value is 8." > > A default of 8 instead of 6 previously mentioned. Again, I don't know > if that is helpful or not. It is. Thanks! > > Do you suspect they were dumb enough to apply the same low iteration > > counts for sha512crypt, where each iteration is a lot cheaper? Well, > > maybe. Got to test the 1 to 999 range. > > I'm curious and not a programmer, what do you mean by "where each > iteration is a lot cheaper"? How are they cheaper? 1 iteration in sha512crypt corresponds to less CPU time consumed than 1 iteration in bcrypt. So e.g. 256 iterations of bcrypt (their default for that hash type) is a lot more expensive (and more secure) than 256 iterations for sha512crypt (let alone 64 iterations). However, if their SHA-512 based algorithm differs from sha512crypt in some other way as well, this might not hold for their algorithm. We don't know until we've figured it out. Like I said in another message, a simple rounds=64 (with a corresponding change to ROUNDS_MIN in our code) did not help. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.