Re: Default password hash

看板FB_security作者時間13年前 (2012/06/12 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串45/47 (看更多)
On Mon, 11 Jun 2012 14:44:02 +0400 Lev Serebryakov wrote: > Hello, Simon. > You wrote 10 噮 2012 , 14:02:50: > > SLBN> Has anyone looked at how long the SHA512 password hashing > SLBN> actually takes on modern computers? > Modern computers are not what should you afraid. Modern GPUs are. > And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2. > > Modern key-derivation schemes must be RAM-heavy, not CPU-heavy. They should be both, the point of scrypt is to optimize for normal ratios of cpu power to memory. > And I don't understand, why should we use our home-grown > "strengthening" algorithms instead of "standard" choices: PBKDF2[1], > bcrypt[2] and (my favorite) scrypt[3]. We already have bcrypt, it's called blowfish. I think what's needed is a self-tuning algorithm that tracks CPU time. IMO geli's PKCS #5 implementation is obsolete because it's based on core time. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 rwmaillists. 的文章
文章代碼(AID): #1FrZ9VMA (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 45 之 47 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共47篇)
更多 rwmaillists. 的文章
文章代碼(AID): #1FrZ9VMA (FB_security)