Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 30 Aug 2012 10:40:01 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: Help-wanted tasks for musl

* Rich Felker <dalias@...ifal.cx> [2012-08-29 13:01:32 -0400]:
> Committed. I also put strict rounds count checks in place for the
> existing hashes. Previously the only limit was on blowfish where the
> limit kept the runtime down to minutes instead of months/years, but
> that was of little practical benefit. Anyone who thinks the limits are
> too low/too high/whatever is welcome to bikeshed this...
> 

i think the current setting is too low :)
i'd use the same setting for both
(sha512 can be significantly faster on 64bit than on 32bit)

the limit need not be more than 1M but should be at least 100k
(one can easily wait these out on a fast machine)

a quick search on the web found several
cases where sha crypt is promoted with
high rounds:

$6$rounds=65536
https://wiki.archlinux.org/index.php/SHA_password_hashes

$5$rounds=73500
http://security.stackexchange.com/questions/15083/is-there-repetition-in-the-solaris-11-hash-routine-can-i-add-some

$5$rounds=80000 (this is the default in passlib!)
http://packages.python.org/passlib/lib/passlib.context-tutorial.html

$6$rounds=100000
http://lwn.net/Articles/489234

$6$rounds=1000000 (!!)
http://twerner.blogspot.hu/2010/01/improving-password-security-in-debian.html

bug:
somehow i forgot to add 'static' to sha256
hash functions (sha256_init, sha256_update,
sha256_sum) so they are visible

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.