This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 03 Feb 2014 18:04:27 +0000
- Subject: [Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- Auto-submitted: auto-generated
- References: <bug-16522-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16522
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to David JaÅa from comment #0)
> In other words cryptsetup/LUKS with default settings gives about 30x better
> protection to user password than glibc with default settings. While glibc
> must take into account DoS scenarios that do not apply to cryptsetup (such
> as attacker trying to log in over as many ssh connections as possible),
> these considerations should result in shorter computation time (my guess:
> 500 ms instead of 1000) instead of choosing fixed rounds count that actually
> provides constantly decreasing security level.
Agreed. Do you have a patch to make this work?
--
You are receiving this mail because:
You are on the CC list for the bug.