This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/16814] New: RFE: Reconsider adding bcrypt (or scrypt) support


https://sourceware.org/bugzilla/show_bug.cgi?id=16814

            Bug ID: 16814
           Summary: RFE: Reconsider adding bcrypt (or scrypt) support
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: sf at sfritsch dot de
                CC: drepper.fsp at gmail dot com

I know that there has been a previous request for bcrypt support in crypt(3)
[1] which has been refused. But I want to ask you to reconsider. The sha-crypt
algorithms supported by glibc today have the problem that using a GPU speeds up
brute forcing significantly. See e.g. [2]

This is especially a problem when using password hashing in situations where
the work factor (the number of rounds) cannot be increased arbitrarily:

1) on low power systems (think ARM, Atom)
2) in situations where lots of hashing operations have to be done per second.
For example on web servers for basic authentication, where the check needs to
be done for every request.

Also, adding bcrypt support to glibc improves interoperability in heterogeneous
environments where accounts are distributed on many machines automatically.
There are OSs that support bcrypt but not sha-crypt. Those OSs (rightly) don't
like to add support for a less secure scheme for the sake of interoperability.

Of course, one could also argue for support for scrypt. It has some advantages
over bcrypt against FPGA-based attacks. But scrypt requires >1MB RAM to defend
as well against GPU-based brute forcing, and that makes its use in the
webserver scenario somewhat problematic.


[1] https://sourceware.org/bugzilla/show_bug.cgi?id=13286
[2] http://www.openwall.com/presentations/Passwords12-The-Future-Of-Hashing/mgp00042.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.
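
Added example, not part of the bug report and not glibc code: when accounts are distributed across machines with different crypt(3) back ends, an audit needs to know which scheme and work factor each stored hash uses. The function name `classify_hash`, the `scheme` enum and the sample strings are hypothetical and constructed; the 5000-round default and the 1000 to 999999999 clamp follow the sha-crypt specification, and bcrypt's two-digit field is a log2 cost.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum scheme { SCHEME_UNKNOWN, SCHEME_SHA256, SCHEME_SHA512, SCHEME_BCRYPT };

/* Classify a crypt(3) hash string and store its work factor in *cost:
 * the effective round count for sha-crypt, log2(iterations) for bcrypt. */
enum scheme classify_hash(const char *h, unsigned long *cost)
{
    *cost = 0;
    if (strncmp(h, "$5$", 3) == 0 || strncmp(h, "$6$", 3) == 0) {
        const char *p = h + 3;
        unsigned long r = 5000;              /* sha-crypt default rounds */
        if (strncmp(p, "rounds=", 7) == 0) {
            char *end;
            r = strtoul(p + 7, &end, 10);
            if (end == p + 7 || *end != '$')
                return SCHEME_UNKNOWN;       /* malformed rounds field */
            if (r < 1000) r = 1000;          /* sha-crypt clamps to 1000.. */
            if (r > 999999999UL) r = 999999999UL;   /* ..999999999 */
        }
        *cost = r;
        return h[1] == '5' ? SCHEME_SHA256 : SCHEME_SHA512;
    }
    /* bcrypt: "$2", variant letter, "$", two-digit cost (04-31), "$" */
    if (h[0] == '$' && h[1] == '2' && h[2] != '\0' && strchr("abxy", h[2])
        && h[3] == '$' && isdigit((unsigned char)h[4])
        && isdigit((unsigned char)h[5]) && h[6] == '$') {
        unsigned long c = (unsigned long)(h[4] - '0') * 10 + (h[5] - '0');
        if (c < 4 || c > 31)
            return SCHEME_UNKNOWN;
        *cost = c;
        return SCHEME_BCRYPT;
    }
    return SCHEME_UNKNOWN;
}

int main(void)
{
    /* Constructed samples: salt and digest fields are placeholders. */
    const char *samples[] = { "$6$rounds=100000$SALT$DIGEST", "$6$SALT$DIGEST",
                              "$5$rounds=10$SALT$DIGEST", "$2b$12$SALTANDDIGEST" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        unsigned long cost;
        enum scheme s = classify_hash(samples[i], &cost);
        printf("%-32s scheme=%d cost=%lu\n", samples[i], (int)s, cost);
    }
    return 0;
}
```

The two cost values are not comparable across schemes: a sha-crypt count is linear in rounds, while each bcrypt cost step doubles the work.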

