Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Jan 2010 17:44:19 -0500 (EST)
From:      Mike Andrews <mandrews@bit0.com>
To:        freebsd-security@freebsd.org
Subject:   Re: PHK's MD5 might not be slow enough anymore
Message-ID:  <alpine.BSF.2.00.1001281738110.43056@beast.int.bit0.com>
In-Reply-To: <4B620DAC.4080608@bit0.com>
References:  <20100128182413.GI892@noncombatant.org> <20100128135410.7b6fe154.wmoran@collaborativefusion.com> <20100128193941.GK892@noncombatant.org> <20100128151026.5738b6c1.wmoran@collaborativefusion.com> <20100128201857.GP892@noncombatant.org> <4B620DAC.4080608@bit0.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 28 Jan 2010, Mike Andrews wrote:

> On 1/28/10 3:18 PM, Chris Palmer wrote:
>> For backwards compatibility, which do people prefer: Creating a new $N$
>> prefix every time we re-tune the algorithm, or using a new notation to say
>> how many times this password was hashed? For example: $1.1000$, $1.100000$,
>> et c.?
>> 
>> I prefer the latter. It can work with Blowfish, too, and anything else
>> people come up with in the future.
>
> The Blowfish one already has that feature.
>
> A long time ago (like FreeBSD 6.something, maybe earlier) I changed all my 
> /etc/login.conf files to set "passwd_format=blf" and all my password hashes 
> are in the format "$2a$04$salthash" -- with the "04" being the (default) 
> number of rounds of Blowfish to run.  I have some users where it's set to 11 
> rounds, and as you'd expect, it puts a pretty big hurt on the ability of 
> things like John The Ripper to attack the hashes.

Actaully that's not the number of rounds, it's the log2() of the number of 
rounds.  So 04 is really 2^4=16 rounds (the minimum), 11 is 2^11=2048 
rounds, and the maximum is 31 -- which as the source code states, oughta 
scale pretty well for a while.  :)

See /usr/src/secure/lib/libcrypt/crypt-blowfish.c

There is probably a login.conf knob to raise the default number of rounds 
beyond 2^4.

But the point remains: look at what FreeBSD already has.  :)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1001281738110.43056>