On 06/10/2012 06:02 AM, Simon L. B. Nielsen wrote:
Has anyone looked at how long the SHA512 password hashing actually takes on modern computers? The "real" solution for people who care significantly about this seems something like the algorithm pjd implemented (I think he did it at least) for GELI, where the number of rounds is variable and calculated so it takes X/0.X seconds on the specific hardware used. That's of course a lot more complicated, and I'm not sure if it would work with the crypt() API.
I'm kinda curious about this: I take it you'd encode the number of rounds in the string somehow? Otherwise, the hash wouldn't be portable to another machine (or even if you upgrade the current machine).
-- Matt Piechota _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
