Feature Proposal: Transparent upgrade of crypt() algorithms
Warner Losh
imp at bsdimp.com
Sat Mar 8 05:30:45 UTC 2014
On Mar 7, 2014, at 10:22 PM, Allan Jude <freebsd at allanjude.com> wrote:
>> Performance for default, sha512 w/ 5k rounds:
>> AMD A10-5700 3.4GHz 3.8ms
>> AMD Opteron 4228 HE 2.8Ghz 5.4ms
>> Intel(R) Xeon(R) X5650 2.67GHz 4.0ms
>>
>> these times are aprox as the timing varies quite a bit, ~+/-10%…
And what would that be on a RPi or other embedded device?
And do the extra route have a peer-reviewed paper showing the increased strength?
> One possible solution would be just setting the default login.conf
> number of rounds, based on a test in the installer. Although this won't
> help for systems that are deployed by imaging, or VM images (like EC2
> images) etc.
I’m not sure that’s a good idea.
Warner
More information about the freebsd-current
mailing list