Date: Thu, 9 Aug 2012 17:17:36 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: crypt* files in crypt directory On Thu, Aug 09, 2012 at 07:52:55PM +0400, Solar Designer wrote: > > I don't see any down-size to limiting the iteration count if the limit > > is reasonable. For instance if the limit were such that higher counts > > would take more than 1 second on a theoretical 50 GHz variant of a > > modern cpu (which is faster than a single core will EVER be able to > > get), there's no way they would be practical to use, and there's no > > sense in supporting them except to satisfy a fetish for "no arbitrary > > limits" even when it conflicts with security and robustness. This > > would at least ensure the function can't get stuck running for > > hours/days/weeks at a time. > > > > The hard part is putting the limit at some point a good bit lower. > > This makes some sense. After some casual tests, I would say somewhere around 16 is appropriate as the absolute upper cut-off, and 12-14 is probably the "point a good bit lower" we're aiming for. Anyone else have opinions on this? Information on what's in common use in the wild? (I would guess 4-8 is typical in the wild..) Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.