> Date: Wed, 16 Feb 2022 10:27:08 -0500 (EST) > From: Mouse <mo...@rodents-montreal.org> > > > Thi is an essential hardening step against FPGA/custom ASIC > > implementations. > > I can't help feeling that there should be better ways to do that. I > like the idea of resistance to such things, but, for at least my > purposes, the ability to check passwords without major resource > consumption is a routine desire; resistance against an attacker willing > to invest in custom hardware is not.
Then for your purposes, you can set default parameters in /etc/passwd.conf that are bounded according to the resources of the least capable machine in your environment. But a _program_ that is supposed to work with any /etc/master.passwd has to be able to handle the parameters set there, so it's not sensible to ask the caller to preallocate enough storage for any password hashing computation since there is, a priori, no static upper bound on how much storage that might be (not to mention it might also need to spawn threads for parallelism).
