On Mon, May 13, 2013 at 17:30 -0400, Ted Unangst wrote:
> On Mon, May 13, 2013 at 20:44, Stuart Henderson wrote:
> > On 2013/05/13 19:32, Mark Lumsden wrote:
> >> I agree. tedu suggested 9 for the number of user rounds and 11 for
> >> root back in 2010. Are these numbers reasonable on most archs?
>
> Note that login.conf defaults can be adjusted on a per arch basis. We
> are mostly split between old-slow and new-fast archs, with the
> exception of i386, where people run everything from 200mhz geodes to
> 4ghz xeon.
>
> > Actually iirc there was a diff to encrypt(1) to make it automatically
> > pick a value which wasn't too slow on the machine, which might be a decent
> > default setting (as long as those who are more concerned about the speed
> > of attackers machines can raise it above this value).
>
> That would be this:
>
> encrypt -b a picks a nice number for you. I get 11 on a fast i5,
> which is still imperceptible. Minus one knob.
>
> On a slower machine, this will effectively raise the minimum to 7,
> while reducing the root value to 7 as well. I think that's fair.
>
> Index: encrypt.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v
> retrieving revision 1.28
> diff -u -p -r1.28 encrypt.c
> --- encrypt.c 14 Jul 2007 21:26:38 -0000 1.28
> +++ encrypt.c 20 Feb 2013 13:43:31 -0000
> @@ -63,6 +63,31 @@ usage(void)
> exit(1);
> }
>
> +int
> +ideal_rounds()
> +{
> + clock_t before, after;
> + int r = 8;
I think the minimum number of rounds needs to be documented
somehow.
> + char buf[_PASSWORD_LEN];
> + int duration;
> +
> + before = clock();
> + strlcpy(buf, bcrypt_gensalt(r), _PASSWORD_LEN);
> + crypt("testpassword", buf);
> + after = clock();
> +
> + duration = after - before;
> +
> + while (duration < 50) {
I think this magic number needs to be documented.
> + r += 1;
r++?
> + duration *= 2;
> + }
> + r -= 1;
> +
Isn't it simpler to start with measuring how long it takes to
bcrypt with r = 7 and increment that? Otherwise a comment is
needed to describe why you pick r+1 for the measurement.
> + return r;
> +}
> +
> +
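Review bot: the `while (duration < 50)` loop in ideal_rounds() never terminates if `after - before` comes back as 0, which a coarse `clock()` can return for a single r = 8 bcrypt on a fast machine: `duration *= 2` keeps 0 at 0, so `r` grows without bound. Guard the measurement before the loop (treat a zero reading as one tick, or bound `r` from above), and express the threshold in units of `CLOCKS_PER_SEC` instead of the bare `50`, since `clock()` returns `CLOCKS_PER_SEC` ticks per second and the constant as written hides the intended wall time. Two smaller points in the same hunk: `crypt("testpassword", buf)` discards its return value, so a NULL result (failed hash) is silently timed as a success, and `ideal_rounds()` should be declared `ideal_rounds(void)` to match the style of the surrounding file.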