On 2013/05/13 17:30, Ted Unangst wrote:
> On Mon, May 13, 2013 at 20:44, Stuart Henderson wrote:
> > On 2013/05/13 19:32, Mark Lumsden wrote:
> >> I agree. tedu suggested 9 for the number of user rounds and 11 for
> >> root back in 2010. Are these numbers reasonable on most archs?
> 
> Note that login.conf defaults can be adjusted on a per arch basis. We
> are mostly split between old-slow and new-fast archs, with the
> exception of i386, where people run everything from 200mhz geodes to
> 4ghz xeon.

I don't login to my geodes and 133MHz 486's *all* that often, so a default
which takes a perceptible but shortish time would be quite acceptable to me.

> > Actually iirc there was a diff to encrypt(1) to make it automatically
> > pick a value which wasn't too slow on the machine, which might be a decent
> > default setting (as long as those who are more concerned about the speed
> > of attackers machines can raise it above this value).
> 
> That would be this:

Yep, that's the one. I think the last time this came up was just
pre-release, so now is a better time to revisit it.

> encrypt -b a picks a nice number for you.  I get 11 on a fast i5,
> which is still imperceptible.  Minus one knob.

I think this would be useful to have; I would be interested to hear
what others think, but FWIW I'm OK with it.

Although encrypt is used in the installer, it's not present on the
ramdisks: it calls the *unpacked* copy from /mnt/usr/bin/encrypt
instead. So we don't have a ramdisk size issue with this.

> On a slower machine, this will effectively raise the minimum to 7,
> while reducing the root value to 7 as well.  I think that's fair.
> 
> Index: encrypt.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v
> retrieving revision 1.28
> diff -u -p -r1.28 encrypt.c
> --- encrypt.c 14 Jul 2007 21:26:38 -0000      1.28
> +++ encrypt.c 20 Feb 2013 13:43:31 -0000
> @@ -63,6 +63,31 @@ usage(void)
>       exit(1);
>  }
>  
> +int
> +ideal_rounds()
> +{
> +     clock_t before, after;
> +     int r = 8;
> +     char buf[_PASSWORD_LEN];
> +     int duration;
> +
> +     before = clock();
> +     strlcpy(buf, bcrypt_gensalt(r), _PASSWORD_LEN);
> +     crypt("testpassword", buf);
> +     after = clock();
> +
> +     duration = after - before;
> +
> +     while (duration < 50) {
> +             r += 1;
> +             duration *= 2;
> +     }
> +     r -= 1;
> +
> +     return r;
> +}
> +
> +
>  void
>  print_passwd(char *string, int operation, void *extra)
>  {
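Review bot: `duration` can round to 0 in ideal_rounds(), and then `while (duration < 50)` never terminates, because doubling 0 stays 0. clock() counts in CLOCKS_PER_SEC units (100 per second in OpenBSD's time.h), so a cost-8 bcrypt that finishes inside one tick on a fast machine yields 0 or 1, which also makes the extrapolation very coarse. Clamp the sample before the loop (`if (duration < 1) duration = 1;`) or measure with clock_gettime(CLOCK_MONOTONIC)/getrusage instead, and put a comment on the magic 50 saying it is 50 ticks of CLOCKS_PER_SEC (about half a second). Smaller points: the definition should read `static int ideal_rounds(void)`, and the crypt() return value is ignored, so a NULL result (no work done) would silently produce a wrong rounds value.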
> @@ -160,7 +185,10 @@ main(int argc, char **argv)
>                       if (operation != -1)
>                               usage();
>                       operation = DO_BLF;
> -                     rounds = strtonum(optarg, 1, INT_MAX, &errstr);
> +                     if (strcmp(optarg, "a") == 0)
> +                             rounds = ideal_rounds();
> +                     else    

minor nit: tab before eol

> +                             rounds = strtonum(optarg, 1, INT_MAX, &errstr);
>                       if (errstr != NULL)
>                               errx(1, "%s: %s", errstr, optarg);
>                       extra = &rounds;
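Review bot: on the `a` branch nothing in this hunk assigns `errstr`, yet `if (errstr != NULL)` runs right after it; unless `errstr` is initialised to NULL at its declaration (not visible in this diff), the check reads an indeterminate value and can errx() with garbage. Either initialise it or move the check into the `else` branch next to strtonum(). The new `a` argument also needs to be documented in usage() and in the encrypt(1) manual page, neither of which this diff touches.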
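The round-picking logic from the patch, written out as an added example (not from the diff or from OpenBSD): the extrapolation is split into a pure, testable function with the zero-sample and bcrypt cost-range guards the patch lacks, timed on a monotonic clock, and fed a constructed stand-in for crypt() since no bcrypt is assumed to be available.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

enum { BCRYPT_MIN_ROUNDS = 4, BCRYPT_MAX_ROUNDS = 31 }; /* $2b$NN$ range */

/* The patch's extrapolation: bcrypt cost doubles per round, so double the
 * sampled time until it would exceed the target, then step back one.
 * A sample of 0 (coarse clock) returns -1 instead of spinning forever. */
int rounds_from_sample(int base_rounds, double sample_ms, double target_ms)
{
	int r = base_rounds;
	if (sample_ms <= 0.0 || target_ms <= 0.0)
		return -1;
	while (sample_ms < target_ms) {
		if (r >= BCRYPT_MAX_ROUNDS)
			return BCRYPT_MAX_ROUNDS;
		r += 1;
		sample_ms *= 2.0;
	}
	return r - 1 < BCRYPT_MIN_ROUNDS ? BCRYPT_MIN_ROUNDS : r - 1;
}

/* Constructed stand-in for crypt() with a bcrypt salt: 2^(r+14) steps of a
 * cheap mix, so the cost doubles per round and takes a few ms at cost 8. */
static volatile uint64_t sink;
void fake_bcrypt(int r)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	for (uint64_t i = 0; i < (1ULL << (r + 14)); i++)
		h = (h ^ i) * 0x100000001b3ULL;
	sink = h;
}

/* Wall-clock ms for one fn(r); finer than clock()'s CLOCKS_PER_SEC ticks. */
double measure_ms(void (*fn)(int), int r)
{
	struct timespec a, b;
	clock_gettime(CLOCK_MONOTONIC, &a);
	fn(r);
	clock_gettime(CLOCK_MONOTONIC, &b);
	return (b.tv_sec - a.tv_sec) * 1e3 + (b.tv_nsec - a.tv_nsec) / 1e6;
}

int main(void)
{
	double ms = measure_ms(fake_bcrypt, 8);
	printf("cost 8: %.3f ms -> %d rounds for a 500 ms target\n", ms,
	    rounds_from_sample(8, ms, 500.0));
}
```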
