Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240327200709.GA16407@openwall.com>
Date: Wed, 27 Mar 2024 21:07:09 +0100
From: Solar Designer <solar@...nwall.com>
To: yescrypt@...ts.openwall.com
Subject: Re: yescrypt && mmap(,,,,MAP_HUGETLB) && oom-kill

Hello Matthias,

On Thu, Mar 21, 2024 at 07:16:18AM +0100, Matthias Apitz wrote:
> We know this parameter and even while creating hashes, we allow to set it
> from the server environment:
> 
> ...
>   /* allow external setting of the CPU time cost parameter */
>   char *env = getenv("YESCRYPT_CPU_TIME_COST_PARAMETER");
>   if (env != NULL)  {
>     count = atol(env);
>     if (count < 1)
>       count = 1;
>     if (count > 11)
>       count = 11;
>   }
>   ...
> 
> but the name of the env var says YESCRYPT_CPU_TIME_COST_PARAMETER
> i.e. CPU time cost, because the man page of crypt_gensalt(3) says
>      ...
>      count
>      controls the CPU time cost of the hash; the valid range for count and the
>      exact meaning of ???CPU time cost??? depends on the hashing method, but
>      larger numbers correspond to more costly hashes.
>      ...
> 
> I'd count this as a documentation bug :-(

Thank you for explaining how the documentation was misleading for you.
We're now trying to correct it in:

https://github.com/besser82/libxcrypt/pull/185

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.