Date: Fri, 10 Aug 2012 01:44:31 +0400
From: Solar Designer <solar@...nwall.com>
To: musl@...ts.openwall.com
Subject: Re: crypt* files in crypt directory

On Thu, Aug 09, 2012 at 05:17:36PM -0400, Rich Felker wrote:
> After some casual tests, I would say somewhere around 16 is
> appropriate as the absolute upper cut-off, and 12-14 is probably the
> "point a good bit lower" we're aiming for. Anyone else have opinions
> on this? Information on what's in common use in the wild? (I would
> guess 4-8 is typical in the wild..)

4-12 exist in the wild for password authentication, larger values are
sometimes seen for other uses (you may choose not to support such uses).

I think the defaults are as follows:

Solaris - $2a$04 once bcrypt is enabled (it is not by default)
CommuniGate Pro - $2a$05, ditto
OpenBSD - $2a$08 for root, $2a$06 for non-root
Owl - $2y$08 for all by default
openSUSE - $2y$10 for all by default

Google web searches also find numerous instances of $2a$12, albeit
mostly in discussions on use of bcrypt from scripts and such.

An example use other than password authentication:

http://crypto.stackexchange.com/questions/1765/can-i-construct-a-zero-knowledge-proof-that-i-solved-a-project-euler-problem

This has $2a$16 and $2a$20 samples.

The paper and slides on scrypt compare it against bcrypt at up to $2a$16
("tuned for file encryption").

Alexander
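
An added example, not part of the original message and not musl's or crypt_blowfish's code: a C check that reads the cost out of a bcrypt setting prefix and rejects values above a cut-off before any hashing is done. The cap of 16, the function names and the sample prefixes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy value: the thread floats ~16 as an absolute upper cut-off.
   This is not taken from any libc's source. */
#define COST_CAP 16

enum verdict { REJECT_MALFORMED, REJECT_TOO_COSTLY, ACCEPT };

/* Parse the "$2<letter>$NN$" prefix of a bcrypt setting string.
   Returns the log2 cost (4..31, the range the format allows) or -1. */
int bcrypt_cost(const char *s)
{
    if (!s || strlen(s) < 7) return -1;
    if (s[0] != '$' || s[1] != '2' || !strchr("abxy", s[2])) return -1;
    if (s[3] != '$' || s[6] != '$') return -1;
    if (s[4] < '0' || s[4] > '9' || s[5] < '0' || s[5] > '9') return -1;
    int cost = (s[4] - '0') * 10 + (s[5] - '0');
    return (cost < 4 || cost > 31) ? -1 : cost;
}

/* Decide before hashing, so an oversized cost never reaches the key setup. */
enum verdict check_setting(const char *s, int cap)
{
    int cost = bcrypt_cost(s);
    if (cost < 0) return REJECT_MALFORMED;
    return cost > cap ? REJECT_TOO_COSTLY : ACCEPT;
}

int main(void)
{
    /* Constructed prefixes only (no salt or hash), using costs named in the thread. */
    const char *samples[] = { "$2a$04$", "$2a$08$", "$2y$10$", "$2a$12$",
                              "$2a$16$", "$2a$20$", "$2a$8$x", "$1$abcde" };
    static const char *names[] = { "malformed", "too costly", "accept" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int cost = bcrypt_cost(samples[i]);
        printf("%-8s ", samples[i]);
        if (cost >= 0) /* work doubles with each step: 2^cost key-schedule rounds */
            printf("cost=%2d iterations=%lu ", cost, 1UL << cost);
        printf("-> %s\n", names[check_setting(samples[i], COST_CAP)]);
    }
    return 0;
}
```

Each step in cost doubles the work, so the $2a$20 sample is 16 times as expensive as $2a$16 and 65536 times as expensive as the $2a$04 default.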