Date: Thu, 28 Jan 2010 10:24:13 -0800 From: Chris Palmer <chris@noncombatant.org> To: freebsd-security@freebsd.org Subject: PHK's MD5 might not be slow enough anymore Message-ID: <20100128182413.GI892@noncombatant.org>
next in thread | raw e-mail | index | archive | help
See your copy of /usr/src/lib/libcrypt/crypt-md5.c: /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ for(i = 0; i < 1000; i++) { MD5Init(&ctx1); if(i & 1) MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); else MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); if(i % 3) MD5Update(&ctx1, (const u_char *)sp, (u_int)sl); if(i % 7) MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); if(i & 1) MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); else MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); MD5Final(final, &ctx1); } This algorithm is still the default on FreeBSD 8. (Blowfish is available -- but has it been tuned for slowness either? I have not checked.) The purpose of these functions is to be slow, but the above has not been slow for years. Hence this patch: --- crypt.h.orig 2010-01-28 10:14:50.000000000 -0800 +++ crypt.h 2010-01-28 10:17:49.000000000 -0800 @@ -32,6 +32,9 @@ #define MD4_SIZE 16 #define MD5_SIZE 16 +/* As processors get faster, increase this. 1000 was good on a Pentium 60. */ +#define MD5_SLOW 100000 + char *crypt_des(const char *pw, const char *salt); char *crypt_md5(const char *pw, const char *salt); char *crypt_nthash(const char *pw, const char *salt); --- crypt-md5.c.orig 2010-01-28 10:18:03.000000000 -0800 +++ crypt-md5.c 2010-01-28 10:19:00.000000000 -0800 @@ -107,10 +107,10 @@ /* * and now, just to make sure things don't run too fast - * On a 60 Mhz Pentium this takes 34 msec, so you would + * On a 60 Mhz Pentium MD5_SLOW = 1000 takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ - for(i = 0; i < 1000; i++) { + for(i = 0; i < MD5_SLOW; i++) { MD5Init(&ctx1); if(i & 1) MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100128182413.GI892>