Message-ID: <Zl_xmcMvzwc2ylN-@c720-1400094>
Date: Wed, 5 Jun 2024 07:03:21 +0200
From: Matthias Apitz <guru@...xarea.de>
To: yescrypt@...ts.openwall.com
Subject: Re: yescrypt && mmap(,,,,MAP_HUGETLB) && oom-kill

On Wednesday, March 27, 2024 at 09:07:09 PM +0100, Solar Designer wrote:

> Hello Matthias,
> 
> On Thu, Mar 21, 2024 at 07:16:18AM +0100, Matthias Apitz wrote:
> > We know this parameter and even while creating hashes, we allow to set it
> > from the server environment:
> > 
> > ...
> >   /* allow external setting of the CPU time cost parameter */
> >   char *env = getenv("YESCRYPT_CPU_TIME_COST_PARAMETER");
> >   if (env != NULL)  {
> >     count = atol(env);
> >     if (count < 1)
> >       count = 1;
> >     if (count > 11)
> >       count = 11;
> >   }
> >   ...
> > 
> > but the name of the env var says YESCRYPT_CPU_TIME_COST_PARAMETER
> > i.e. CPU time cost, because the man page of crypt_gensalt(3) says
> >      ...
> >      count
> >      controls the CPU time cost of the hash; the valid range for count and the
> >      exact meaning of "CPU time cost" depends on the hashing method, but
> >      larger numbers correspond to more costly hashes.
> >      ...
> > 
> > I'd count this as a documentation bug :-(
> 
> Thank you for explaining how the documentation was misleading for you.
> We're now trying to correct it in:
> 
> https://github.com/besser82/libxcrypt/pull/185
> 
> Alexander

Alexander,

We have the count parameter for crypt_gensalt(3) now as an environment variable
YESCRYPT_CPU_TIME_COST_PARAMETER in our server so the admin of the
installation can adjust it depending on the RAM situation, defaulting to 7;

YESCRYPT_CPU_TIME_COST_PARAMETER    RAM (MB)
5                                   16
6                                   33
7                                   67
8                                   134
9                                   268
10                                  536
11                                  1.073

I'm assuming (even if the man pages of crypt_gensalt(3), crypt(3) and
crypt(5) don't say this exactly) that a higher value for count gives
"better" or more "secure" hashes. What is the exact benefit of a higher
count value? Maybe even this should be explained somewhere. I hope I
haven't overlooked it.

Thanks for a few words of explanation.

	matthias


-- 
Matthias Apitz, ✉ guru@...xarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
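An added example, not part of the message above or of libxcrypt: it reproduces the count-to-RAM table from the message and shows how an admin could check a chosen YESCRYPT_CPU_TIME_COST_PARAMETER against the memory actually available before an oom-kill does it for them. It assumes (derived only from the table, not from libxcrypt source) that one hash at count c touches 4 KiB * 2^(c+7) bytes, and it reuses the 1..11 clamp from the quoted snippet with the message's default of 7.

```c
/* Capacity check for yescrypt cost parameters (added example, not libxcrypt code).
 * Assumption: memory per hash = 4 KiB * 2^(count+7); this matches the table in
 * the message (count 7 -> 67 MB, count 11 -> 1.073 MB), but is not taken from
 * libxcrypt itself. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

#define COUNT_MIN     1
#define COUNT_MAX     11
#define COUNT_DEFAULT 7   /* default used by the server in the message */

/* Bytes one hash computation needs at the given count (assumed formula). */
uint64_t yescrypt_count_memory(int count)
{
    return (uint64_t)4096 << (count + 7);
}

/* Same clamp as the snippet quoted in the thread, but taking the string so it
 * can be tested: NULL/empty -> default, out of range -> folded into [1, 11].
 * Note that atol() turns garbage like "abc" into 0, which then becomes 1. */
int parse_cost_env(const char *env)
{
    long count;
    if (env == NULL || *env == '\0')
        return COUNT_DEFAULT;
    count = atol(env);
    if (count < COUNT_MIN) count = COUNT_MIN;
    if (count > COUNT_MAX) count = COUNT_MAX;
    return (int)count;
}

/* Largest count <= wanted such that `concurrent` simultaneous hash
 * computations still fit in ram_bytes; returns 0 if even COUNT_MIN does not. */
int fit_cost_to_ram(int wanted, int concurrent, uint64_t ram_bytes)
{
    int c;
    for (c = wanted; c >= COUNT_MIN; c--)
        if (yescrypt_count_memory(c) * (uint64_t)concurrent <= ram_bytes)
            return c;
    return COUNT_MIN - 1;
}

int main(void)
{
    int c;
    printf("count  RAM (MB)\n");
    for (c = 5; c <= COUNT_MAX; c++)   /* reproduces the table in the message */
        printf("%5d  %8lu\n", c, (unsigned long)(yescrypt_count_memory(c) / 1000000));
    printf("chosen count for 128 MiB, 4 concurrent logins: %d\n",
           fit_cost_to_ram(parse_cost_env(getenv("YESCRYPT_CPU_TIME_COST_PARAMETER")),
                           4, (uint64_t)128 << 20));
    return 0;
}
```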
