Date: Wed, 29 Aug 2012 13:01:32 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: Help-wanted tasks for musl

On Wed, Aug 29, 2012 at 05:14:59PM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@...ifal.cx> [2012-08-29 10:30:12 -0400]:
> > see the attached for my proposed changes.
> > 
> 
> looks ok
> 
> > /* key limit is not part of the original design, added for DoS protection */
> > #define KEY_MAX 256
> > #define SALT_MAX 16
> > #define ROUNDS_DEFAULT 5000
> > #define ROUNDS_MIN 1000
> > #define ROUNDS_MAX 999999
> > 
> 
> i'd add a comment like
> 
> /* max rounds limit is lower than in the reference */

Committed. I also put strict rounds count checks in place for the
existing hashes. Previously the only limit was on blowfish where the
limit kept the runtime down to minutes instead of months/years, but
that was of little practical benefit. Anyone who thinks the limits are
too low/too high/whatever is welcome to bikeshed this...

Rich
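
A strict rounds-count check using the limits quoted above, as an added example that is not part of the original message and is not musl's code. It assumes the SHA-crypt style `rounds=N$` field in front of the salt and chooses to reject out-of-range values rather than clamp them; `parse_rounds` is a hypothetical name.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits as quoted in the thread above. */
#define ROUNDS_DEFAULT 5000
#define ROUNDS_MIN 1000
#define ROUNDS_MAX 999999

/* Hypothetical helper: parse an optional "rounds=N$" field in front of the salt.
 * Returns 0 with *rounds and *salt set, or -1 if the field is malformed or
 * out of range (rejecting rather than clamping is this example's choice). */
static int parse_rounds(const char *s, unsigned long *rounds, const char **salt)
{
	char *end;
	*rounds = ROUNDS_DEFAULT;
	*salt = s;
	if (strncmp(s, "rounds=", 7) != 0)
		return 0;                         /* no field: default cost */
	s += 7;
	if (!isdigit((unsigned char)*s))      /* strtoul alone would accept " 5", "+5", "-1" */
		return -1;
	errno = 0;
	unsigned long n = strtoul(s, &end, 10);
	if (errno == ERANGE || *end != '$')   /* overflow, or field not terminated by '$' */
		return -1;
	if (n < ROUNDS_MIN || n > ROUNDS_MAX) /* cost bounded before any hashing starts */
		return -1;
	*rounds = n;
	*salt = end + 1;
	return 0;
}

int main(void)
{
	/* Constructed sample settings, not taken from the thread. */
	const char *in[] = { "rounds=5000$abc", "abc", "rounds=999$abc", "rounds=1000000$abc", "rounds=-1$abc" };
	for (size_t i = 0; i < sizeof in / sizeof *in; i++) {
		unsigned long r; const char *salt;
		if (parse_rounds(in[i], &r, &salt)) printf("%s -> reject\n", in[i]);
		else printf("%s -> %lu rounds, salt \"%s\"\n", in[i], r, salt);
	}
	return 0;
}
```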
