From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 24565 invoked by alias); 6 Apr 2014 17:57:57 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 24525 invoked by uid 48); 6 Apr 2014 17:57:51 -0000 From: "sf at sfritsch dot de" To: glibc-bugs@sourceware.org Subject: [Bug libc/16814] New: RFE: Reconsider adding bcrypt (or scrypt) support Date: Sun, 06 Apr 2014 17:57:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: sf at sfritsch dot de X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-04/txt/msg00041.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=16814 Bug ID: 16814 Summary: RFE: Reconsider adding bcrypt (or scrypt) support Product: glibc Version: unspecified Status: NEW Severity: enhancement Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: sf at sfritsch dot de CC: drepper.fsp at gmail dot com I know that there has been a previous request for bcrypt support in crypt(3) [1] which has been refued. But I want to ask you to reconsider. The sha-crypt algorithms supported by glibc today have the problem that using a GPU speeds up brute forcing significantly. See e.g. [2] This is especially a problem when using password hashing in situations where the work factor (the number of rounds) cannot be increased arbitrarily: 1) on low power systems (think ARM, Atom) 2) in situations where lots of hashing operations have to be done per second. For example on web servers for basic authentication, where the check needs to be done for every request. Also, adding bcrypt support to glibc improves interopability in heterogeneous environments where accounts are distributed on many machines automatically. There are OSs that support bcrypt but not sha-crypt. Those OSs (rightly) don't like to add support a less secure scheme for the sake of interopability. Of course, one could also argue for support for scrypt. It has some advantages over bcrypt against FPGA-based attacks. But scrypt requires >1MB RAM to defend as good against GPU-based brute forcing, and that makes its use in the webserver scenario somewhat problematic. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=13286 [2] http://www.openwall.com/presentations/Passwords12-The-Future-Of-Hashing/mgp00042.html -- You are receiving this mail because: You are on the CC list for the bug.