On 09/07/16 09:16, Damien Miller wrote:
On Tue, 6 Sep 2016, David Coppa wrote:
Il 6 settembre 2016 14:56:32 CEST, Filippo Valsorda <m...@filippo.io> ha
scritto:
Hello,
I recently had the occasion to dive into the softraid crypto code [1]
and was quite pleased with the cleanliness of it all. However, I found
surprising the default value of 8k PBKDF2 rounds.
I know it is easy to override and I should have RTFM, but I (naively,
I'll admit) assumed OpenBSD would pick very robust defaults, erring on
the conservative side. Is it maybe time to bump it up, or pick it based
on a quick machine benchmark?
If there's consensus I might also provide a patch for the live
benchmark
option.
yes, autodetection of a sensible value would be cool...
using bcrypt_kdf would be better :)
yes, due to the larger internal state of the blowfish algorithm which is
harder to efficiently realize in dedicated hardware. However, since
bcrypt's internal state effectively is of fixed size, scrypt would be an
even better option since it allows for a parameterization of this
internal state. Is there any interest in switching to scrypt in the
context of password authentication on OpenBSD?
