Default password hash
Gleb Kurtsou
gleb.kurtsou at gmail.com
Sun Jun 10 14:54:01 UTC 2012
On (10/06/2012 11:02), Simon L. B. Nielsen wrote:
>
> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days. We've supported
> > SHA256 and SHA512 for many years now, so how about making SHA512 the
> > default instead of MD5, like on most Linux distributions?
>
> Has anyone looked at how long the SHA512 password hashing actually takes on modern computers?
>
> The "real" solution for people who care significantly about this seems something like the algorithm pjd implemented (I think he did it at least) for GELI, where the number of rounds is variable and calculated so it takes X/0.X seconds on the specific hardware used. That's of course a lot more complicated, and I'm not sure if it would work with the crypt() API.
Do you mean pkcs5v2_calculate from geli? It seems to have a drawback
that results produced depend on actual CPU load.
% ./pkcs5v-test [*]
541491
539568
542352
540376
388285 -- start several instances of pkcs5v-test in parallel
303071
284793
281110
It would be awesome to provide user with options to configure minimal
and maximal iteration count and randomly choose iteration count within
the range for each new password. Such trivial change should considerably
complicate mass password bruteforce cracking.
Variable number of rounds for a password would also require changing
crypt() interface.
> Also, does anyone know if our SHA512 is compatible with the format used by Linux, other BSD's etc?
It's supposed to be compatible with Linux. DragonFly invented something
on their own with a nasty bug in it. They could have changed to
"standard" crypt on top of sha-2 after bug was discovered.
http://www.openwall.com/lists/oss-security/2012/01/16/2
Why does nobody mention scrypt? It looks very attractive in longer
perspective.
Thanks,
Gleb.
* pkcs5v-test.c:
#include <crypto/pkcs5v2/pkcs5v2.h>
int
main(int argc, char **argv)
{
int i, usec;
for (i = 0; i < 10; i++) {
usec = pkcs5v2_calculate(2000000, 512 / 8, 4);
printf("%d\n", usec);
}
return (0);
}
More information about the freebsd-security
mailing list