Default password hash
RW
rwmaillists at googlemail.com
Mon Jun 11 17:15:55 UTC 2012
On Mon, 11 Jun 2012 14:44:02 +0400
Lev Serebryakov wrote:
> Hello, Simon.
> You wrote 10 июня 2012 г., 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
> Modern computers are not what should you afraid. Modern GPUs are.
> And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2.
>
> Modern key-derivation schemes must be RAM-heavy, not CPU-heavy.
They should be both, the point of scrypt is to optimize for normal
ratios of cpu power to memory.
> And I don't understand, why should we use our home-grown
> "strengthening" algorithms instead of "standard" choices: PBKDF2[1],
> bcrypt[2] and (my favorite) scrypt[3].
We already have bcrypt, it's called blowfish.
I think what's needed is a self-tuning algorithm that tracks CPU time.
IMO geli's PKCS #5 implementation is obsolete because it's based on core
time.
More information about the freebsd-security
mailing list