Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Jan 2010 10:24:13 -0800
From:      Chris Palmer <chris@noncombatant.org>
To:        freebsd-security@freebsd.org
Subject:   PHK's MD5 might not be slow enough anymore
Message-ID:  <20100128182413.GI892@noncombatant.org>
next in thread | raw e-mail | index | archive | help 
See your copy of /usr/src/lib/libcrypt/crypt-md5.c:

        /*
         * and now, just to make sure things don't run too fast
         * On a 60 Mhz Pentium this takes 34 msec, so you would
         * need 30 seconds to build a 1000 entry dictionary...
         */
        for(i = 0; i < 1000; i++) {
               MD5Init(&ctx1);
               if(i & 1)
                       MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
               else
                       MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);

               if(i % 3)
                       MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);

               if(i % 7)
                       MD5Update(&ctx1, (const u_char *)pw, strlen(pw));

               if(i & 1)
                       MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
               else
                       MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
               MD5Final(final, &ctx1);
        }

This algorithm is still the default on FreeBSD 8. (Blowfish is available --
but has it been tuned for slowness either? I have not checked.) The purpose
of these functions is to be slow, but the above has not been slow for years.
Hence this patch:


--- crypt.h.orig	2010-01-28 10:14:50.000000000 -0800
+++ crypt.h	2010-01-28 10:17:49.000000000 -0800
@@ -32,6 +32,9 @@
 #define MD4_SIZE 16
 #define MD5_SIZE 16
 
+/* As processors get faster, increase this. 1000 was good on a Pentium 60. */
+#define MD5_SLOW 100000
+
 char *crypt_des(const char *pw, const char *salt);
 char *crypt_md5(const char *pw, const char *salt);
 char *crypt_nthash(const char *pw, const char *salt);


--- crypt-md5.c.orig	2010-01-28 10:18:03.000000000 -0800
+++ crypt-md5.c	2010-01-28 10:19:00.000000000 -0800
@@ -107,10 +107,10 @@
 
 	/*
 	 * and now, just to make sure things don't run too fast
-	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * On a 60 Mhz Pentium MD5_SLOW = 1000 takes 34 msec, so you would
 	 * need 30 seconds to build a 1000 entry dictionary...
 	 */
-	for(i = 0; i < 1000; i++) {
+	for(i = 0; i < MD5_SLOW; i++) {
 		MD5Init(&ctx1);
 		if(i & 1)
 			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100128182413.GI892>