On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov <l...@freebsd.org> wrote: > Hello, Simon. > You wrote 10 июня 2012 г., 14:02:50: > > SLBN> Has anyone looked at how long the SHA512 password hashing > SLBN> actually takes on modern computers? > Modern computers are not what should you afraid. Modern GPUs are. > And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2. > > Modern key-derivation schemes must be RAM-heavy, not CPU-heavy.
But the modern CPU's will limit the number of rounds you can use for a hash (if you use same system as md5crypt), as you can't let users wait 10+ seconds to check their password. > And I don't understand, why should we use our home-grown > "strengthening" algorithms instead of "standard" choices: PBKDF2[1], > bcrypt[2] and (my favorite) scrypt[3]. Recall that FreeBSD's MD5 strengthening probably predates most of the other systems by a while (I'm too lazy to look it up). That said, I generally agree we should go with something standard or existing unless there is a very good reason not to. PBKDF2 / RFC2898 is what GELI uses (which I mentioned previously). > [1] http://tools.ietf.org/html/rfc2898 > [2] http://static.usenix.org/events/usenix99/provos/provos_html/node1.html > [3] http://www.tarsnap.com/scrypt.html -- Simon _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
