public inbox for glibc-bugs@sourceware.org
* [Bug libc/16814] New: RFE: Reconsider adding bcrypt (or scrypt) support
@ 2014-04-06 17:57 sf at sfritsch dot de
2014-06-12 19:46 ` [Bug libc/16814] " fweimer at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: sf at sfritsch dot de @ 2014-04-06 17:57 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16814
Bug ID: 16814
Summary: RFE: Reconsider adding bcrypt (or scrypt) support
Product: glibc
Version: unspecified
Status: NEW
Severity: enhancement
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: sf at sfritsch dot de
CC: drepper.fsp at gmail dot com
I know that there has been a previous request for bcrypt support in crypt(3)
[1] which has been refused. But I want to ask you to reconsider. The sha-crypt
algorithms supported by glibc today have the problem that using a GPU speeds up
brute forcing significantly. See e.g. [2]
This is especially a problem when using password hashing in situations where
the work factor (the number of rounds) cannot be increased arbitrarily:
1) on low power systems (think ARM, Atom)
2) in situations where lots of hashing operations have to be done per second.
For example on web servers for basic authentication, where the check needs to
be done for every request.
Also, adding bcrypt support to glibc improves interoperability in heterogeneous
environments where accounts are distributed on many machines automatically.
There are OSs that support bcrypt but not sha-crypt. Those OSs (rightly) don't
like to add support for a less secure scheme for the sake of interoperability.
Of course, one could also argue for support for scrypt. It has some advantages
over bcrypt against FPGA-based attacks. But scrypt requires >1MB RAM to defend
as well against GPU-based brute forcing, and that makes its use in the
webserver scenario somewhat problematic.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=13286
[2] http://www.openwall.com/presentations/Passwords12-The-Future-Of-Hashing/mgp00042.html
--
You are receiving this mail because:
You are on the CC list for the bug.
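Added example, not part of the bug report or of glibc: the work factor the report refers to is stored in the hash string itself, so an administrator distributing accounts across machines can check which scheme and cost each entry uses. The function and type names are hypothetical, the sample entries are constructed with placeholder salts and digests, and only the `$5$`/`$6$` sha-crypt and `$2a$`/`$2b$`/`$2x$`/`$2y$` bcrypt prefixes are recognised.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum scheme { SCHEME_UNKNOWN, SCHEME_SHA256, SCHEME_SHA512, SCHEME_BCRYPT };

/* work: rounds for sha-crypt, log2 of the iteration count for bcrypt */
struct hash_info { enum scheme scheme; unsigned long work; };

#define DIGIT(c) isdigit((unsigned char)(c))

/* Fill *out from a crypt(3) hash string; return 0 if recognised, else -1. */
int parse_crypt_hash(const char *h, struct hash_info *out)
{
    char *end;
    out->scheme = SCHEME_UNKNOWN;
    out->work = 0;
    if (strncmp(h, "$5$", 3) == 0 || strncmp(h, "$6$", 3) == 0) {
        if (strncmp(h + 3, "rounds=", 7) == 0) {
            out->work = strtoul(h + 10, &end, 10);
            /* reject signs, spaces and anything but digits before '$' */
            if (!DIGIT(h[10]) || *end != '$')
                return -1;
        } else {
            out->work = 5000;  /* sha-crypt default without rounds= */
        }
        out->scheme = h[1] == '5' ? SCHEME_SHA256 : SCHEME_SHA512;
        return 0;
    }
    if (strncmp(h, "$2", 2) == 0 && h[2] && strchr("abxy", h[2]) && h[3] == '$') {
        if (!DIGIT(h[4]) || !DIGIT(h[5]) || h[6] != '$')
            return -1;         /* bcrypt cost is exactly two digits */
        out->scheme = SCHEME_BCRYPT;
        out->work = (unsigned long)(h[4] - '0') * 10 + (h[5] - '0');
        return 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed entries; salts and digests are placeholders. */
    const char *s[] = { "$6$rounds=100000$salt$DIGEST", "$5$salt$DIGEST", "$2b$12$SALTDIGEST" };
    struct hash_info info;
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        if (parse_crypt_hash(s[i], &info) == 0)
            printf("%s: scheme=%d work=%lu\n", s[i], (int)info.scheme, info.work);
    return 0;
}
```

Entries that return -1 use a scheme this parser does not know and need separate review.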
* [Bug libc/16814] RFE: Reconsider adding bcrypt (or scrypt) support
From: fweimer at redhat dot com @ 2014-06-12 19:46 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16814
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
* [Bug libc/16814] RFE: Reconsider adding bcrypt (or scrypt) support
From: rsawhill+sw at redhat dot com @ 2015-07-05 17:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16814
Ryan Sawhill Aroha <rsawhill+sw at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rsawhill+sw at redhat dot com
* [Bug crypt/16814] RFE: Reconsider adding bcrypt (or scrypt) support
From: dominik.mierzejewski at citi dot com @ 2023-06-23 11:47 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16814
Mierzejewski, Dominik <dominik.mierzejewski at citi dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dominik.mierzejewski at citi dot com