From owner-freebsd-current@FreeBSD.ORG Sat Mar 8 05:30:45 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 001D919B for ; Sat, 8 Mar 2014 05:30:44 +0000 (UTC) Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B9A45B93 for ; Sat, 8 Mar 2014 05:30:44 +0000 (UTC) Received: by mail-ig0-f174.google.com with SMTP id h18so3811530igc.1 for ; Fri, 07 Mar 2014 21:30:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=JCpziJV/Xs/BmuQcAMsA6/gCtyhGznTbzWYznqG7gRY=; b=InXHDkgTehzvsU9gcHpMLN6jsw1+r6G2ue04tUZbuUn882bxrjUwjnMTlsLl6zryLz oe2IaDfTZdE0w+3Au7h5FcGuw10qpKBpCFr5P1YeeVApkDZ9gm6lNQ723Y4pKsQRVbKb iAglhHMD5MsjBSFw3SnTXX09tb6F49QgwKvK3n9orVxm1SqaWWYpRWwS8dHn5zqtZg5g QWCfcx9KNcW4wJct+Bnkx6VMNWvLz5i58Ee7iQY4NAOC4WfYVr8nWZd1hMcnFS6ChEA7 G7GxvS6Ubd5p2T7+Myjm/9EqvrMk+RcO4cR4AntpdsPsTi4sfH9cg3n9OFrKOpQoc1/+ Cd8w== X-Gm-Message-State: ALoCoQn0cIF/yQot6uSsq9TETuIJ9YDA5ji8NvmJVsjQBFRT7tCNKuMes0aDfh7fLKhEcxZLTNDl X-Received: by 10.42.103.199 with SMTP id n7mr10033328ico.46.1394256638277; Fri, 07 Mar 2014 21:30:38 -0800 (PST) Received: from netflix-mac.bsdimp.com (50-78-194-198-static.hfc.comcastbusiness.net. [50.78.194.198]) by mx.google.com with ESMTPSA id rj10sm10206264igc.8.2014.03.07.21.30.37 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 07 Mar 2014 21:30:37 -0800 (PST) Sender: Warner Losh Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) Subject: Re: Feature Proposal: Transparent upgrade of crypt() algorithms From: Warner Losh In-Reply-To: <531AA900.6090406@allanjude.com> Date: Fri, 7 Mar 2014 22:30:36 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <39EE68A1-E2F5-4373-BFC9-D1C3156B0056@gmail.com> References: <2167732.JmQmEPMV2N@desktop.reztek> <201403070913.30359.jhb@freebsd.org> <5319DE84.3040602@allanjude.com> <20140307161313.GA49137@nanocomputer.nanoman.ca> <531A2CC1.8080802@allanjude.com> <20140307215223.GB49137@nanocomputer.nanoman.ca> <531A42F3.5020207@delphij.net> <531A4DE1.3070507@allanjude.com> <20140307230715.GA17019@funkthat.com> <531A67B4.1010303@delphij.net> <20140308021536.GB17019@funkthat.com> <531AA900.6090406@allanjude.com> To: Allan Jude X-Mailer: Apple Mail (2.1874) Cc: nanoman@nanoman.ca, freebsd-current@freebsd.org, d@delphij.net, secteam@freebsd.org, =?windows-1252?Q?Dag-Erling_Sm=F8rgrav?= X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Mar 2014 05:30:45 -0000 On Mar 7, 2014, at 10:22 PM, Allan Jude wrote: >> Performance for default, sha512 w/ 5k rounds: >> AMD A10-5700 3.4GHz 3.8ms >> AMD Opteron 4228 HE 2.8Ghz 5.4ms >> Intel(R) Xeon(R) X5650 2.67GHz 4.0ms >>=20 >> these times are aprox as the timing varies quite a bit, ~+/-10%=85 And what would that be on a RPi or other embedded device? And do the extra route have a peer-reviewed paper showing the increased = strength? > One possible solution would be just setting the default login.conf > number of rounds, based on a test in the installer. Although this = won't > help for systems that are deployed by imaging, or VM images (like EC2 > images) etc. I=92m not sure that=92s a good idea. Warner