Date: Thu, 30 Aug 2012 10:40:01 +0200 From: Szabolcs Nagy <nsz@...t70.net> To: musl@...ts.openwall.com Subject: Re: Help-wanted tasks for musl * Rich Felker <dalias@...ifal.cx> [2012-08-29 13:01:32 -0400]: > Committed. I also put strict rounds count checks in place for the > existing hashes. Previously the only limit was on blowfish where the > limit kept the runtime down to minutes instead of months/years, but > that was of little practical benefit. Anyone who thinks the limits are > too low/too high/whatever is welcome to bikeshed this... > i think the current setting is too low :) i'd use the same setting for both (sha512 can be significantly faster on 64bit than on 32bit) the limit need not be more than 1M but should be at least 100k (one can easily wait these out on a fast machine) a quick search on the web found several cases where sha crypt is promoted with high rounds: $6$rounds=65536 https://wiki.archlinux.org/index.php/SHA_password_hashes $5$rounds=73500 http://security.stackexchange.com/questions/15083/is-there-repetition-in-the-solaris-11-hash-routine-can-i-add-some $5$rounds=80000 (this is the default in passlib!) http://packages.python.org/passlib/lib/passlib.context-tutorial.html $6$rounds=100000 http://lwn.net/Articles/489234 $6$rounds=1000000 (!!) http://twerner.blogspot.hu/2010/01/improving-password-security-in-debian.html bug: somehow i forgot to add 'static' to sha256 hash functions (sha256_init, sha256_update, sha256_sum) so they are visible
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.