This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 04 Feb 2014 06:21:03 +0000
- Subject: [Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- Auto-submitted: auto-generated
- References: <bug-16522-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16522
Rich Felker <bugdal at aerifal dot cx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugdal at aerifal dot cx
--- Comment #2 from Rich Felker <bugdal at aerifal dot cx> ---
I'm a bit concerned about this proposal. What happens when your hashes are
shared between multiple machines (e.g. a very fast server and multiple thin
clients) or when you're setting up a VE image for cpu-limited hosting or a
system image to run on a lower-end machine using a higher-end one? I think it's
flawed to assume that the machine on which hashes will later be validated is as
capable as the machine on which the original hashes are generated. Whether this
is an acceptable flaw (i.e. whether the benefit is worth dealing with the side
effects of this flaw) is a matter for discussion.
--
You are receiving this mail because:
You are on the CC list for the bug.