Default password hash

Matt Piechota piechota at argolis.org
Sun Jun 10 20:13:51 UTC 2012


On 06/10/2012 06:02 AM, Simon L. B. Nielsen wrote:
> Has anyone looked at how long the SHA512 password hashing actually 
> takes on modern computers? The "real" solution for people who care 
> significantly about this seems something like the algorithm pjd 
> implemented (I think he did it at least) for GELI, where the number of 
> rounds is variable and calculated so it takes X/0.X seconds on the 
> specific hardware used. That's of course a lot more complicated, and 
> I'm not sure if it would work with the crypt() API. 

I'm kinda curious about this: I take it you'd encode the number of 
rounds in the string somehow? Otherwise, the hash wouldn't be portable 
to another machine (or even if you upgrade the current machine).

-- 
Matt Piechota



More information about the freebsd-security mailing list