This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- From: "jasa.david at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 06 Feb 2014 16:43:55 +0000
- Subject: [Bug libc/16522] On sha* password generation, select hash rounds to achieve given computation time based on hash computation speed
- Auto-submitted: auto-generated
- References: <bug-16522-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16522
--- Comment #7 from David JaÅa <jasa.david at gmail dot com> ---
Increase to number of rounds to number makes this extra work for user and
attacker:
rounds user time user work factor p/s attacker work factor
5000 << 0.1 s 1 ~190 1
625000 ~ 1 s 125 ~3 ~ 60
5000000 ~ 8 s 1000 0.16-0.19 ~ 1000-1200
the question is how would this fare with GPU or FPGA/ASIC-equipped attacker
(that seems quite likely). [1] suggests that sha512 is less friendly to GPUs or
HW chips to sha256 and HW development will focus for some time on sha256 as
that is what cryptocurrency mining requires so pretty much any increase in
rounds should be safe short- and medium-term but given the inertia inherent in
such low-level base system things, it seems a good time to look for
alternatives to both parameters of current schemes and the schemes themselves.
[1]
http://www.openwall.com/presentations/Passwords12-The-Future-Of-Hashing/Passwords12-The-Future-Of-Hashing.pdf
--
You are receiving this mail because:
You are on the CC list for the bug.