Feature Proposal: Transparent upgrade of crypt() algorithms

Warner Losh imp at bsdimp.com
Sat Mar 8 05:30:45 UTC 2014


On Mar 7, 2014, at 10:22 PM, Allan Jude <freebsd at allanjude.com> wrote:
>> Performance for default, sha512 w/ 5k rounds:
>> AMD A10-5700 3.4GHz		3.8ms
>> AMD Opteron 4228 HE 2.8Ghz	5.4ms
>> Intel(R) Xeon(R) X5650 2.67GHz	4.0ms
>> 
>> these times are aprox as the timing varies quite a bit, ~+/-10%…

And what would that be on a RPi or other embedded device?

And do the extra route have a peer-reviewed paper showing the increased strength?

> One possible solution would be just setting the default login.conf
> number of rounds, based on a test in the installer. Although this won't
> help for systems that are deployed by imaging, or VM images (like EC2
> images) etc.

I’m not sure that’s a good idea.

Warner



More information about the freebsd-current mailing list