Date: Thu, 9 Aug 2012 18:08:25 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: crypt* files in crypt directory On Fri, Aug 10, 2012 at 01:44:31AM +0400, Solar Designer wrote: > On Thu, Aug 09, 2012 at 05:17:36PM -0400, Rich Felker wrote: > > After some casual tests, I would say somewhere around 16 is > > appropriate as the absolute upper cut-off, and 12-14 is probably the > > "point a good bit lower" we're aiming for. Anyone else have opinions > > on this? Information on what's in common use in the wild? (I would > > guess 4-8 is typical in the wild..) > > 4-12 exist in the wild for password authentication, larger values are > sometimes seen for other uses (you may choose not to support such uses). Then 12 is probably not a good cut-off, which is frustrating because 12 is getting to the point where it's unreasonable load on a mid-range system (takes ½ sec on my atom). > I think the defaults are as follows: > > Solaris - $2a$04 once bcrypt is enabled (it is not by default) > CommuniGate Pro - $2a$05, ditto > OpenBSD - $2a$08 for root, $2a$06 for non-root > Owl - $2y$08 for all by default > openSUSE - $2y$10 for all by default Thanks, very informative. > An example use other than password authentication: > > http://crypto.stackexchange.com/questions/1765/can-i-construct-a-zero-knowledge-proof-that-i-solved-a-project-euler-problem > > This has $2a$16 and $2a$20 samples. > > The paper and slides on scrypt compare it against bcrypt at up to $2a$16 > ("tuned for file encryption"). I think this potentially needs to be something we just don't support. I can see the interest in being able to use crypt as a general purpose hashing API, but I think I'd have a hard time convincing myself to prioritize that over ensuring bounded runtime. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.