aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli/speed.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-07-13 21:24:55 -0400
committerJack Lloyd <[email protected]>2018-07-13 21:24:55 -0400
commitf05cd9faf4140c38bbb10758fc010843b6bdead3 (patch)
tree67220e816e9a737661663991f1fcd1c4a66d0632 /src/cli/speed.cpp
parent3e616dd02b7858865c4b8312312b6f66a96f4d33 (diff)
Update password hashing default settings
Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9
Diffstat (limited to 'src/cli/speed.cpp')
-rw-r--r--src/cli/speed.cpp65
1 files changed, 65 insertions, 0 deletions
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 42172f38d..0efb34ba1 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -114,6 +114,14 @@
#include <botan/scrypt.h>
#endif
+#if defined(BOTAN_HAS_BCRYPT)
+ #include <botan/bcrypt.h>
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+ #include <botan/passhash9.h>
+#endif
+
namespace Botan_CLI {
namespace {
@@ -908,6 +916,18 @@ class Speed final : public Command
bench_scrypt(provider, msec);
}
#endif
+#if defined(BOTAN_HAS_BCRYPT)
+ else if(algo == "bcrypt")
+ {
+ bench_bcrypt();
+ }
+#endif
+#if defined(BOTAN_HAS_PASSHASH9)
+ else if(algo == "passhash9")
+ {
+ bench_passhash9();
+ }
+#endif
#if defined(BOTAN_HAS_DL_GROUP)
else if(algo == "modexp")
@@ -2157,6 +2177,51 @@ class Speed final : public Command
}
#endif
+#if defined(BOTAN_HAS_BCRYPT)
+
+ void bench_bcrypt()
+ {
+ const std::string password = "not a very good password";
+
+ for(uint8_t work_factor = 4; work_factor <= 14; ++work_factor)
+ {
+ std::unique_ptr<Timer> timer = make_timer("bcrypt wf=" + std::to_string(work_factor));
+
+ timer->run([&] {
+ Botan::generate_bcrypt(password, rng(), work_factor);
+ });
+
+ record_result(timer);
+ }
+ }
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+
+ void bench_passhash9()
+ {
+ const std::string password = "not a very good password";
+
+ for(uint8_t alg = 0; alg <= 4; ++alg)
+ {
+ if(Botan::is_passhash9_alg_supported(alg) == false)
+ continue;
+
+ for(uint8_t work_factor : { 10, 15 })
+ {
+ std::unique_ptr<Timer> timer = make_timer("passhash9 alg=" + std::to_string(alg) +
+ " wf=" + std::to_string(work_factor));
+
+ timer->run([&] {
+ Botan::generate_passhash9(password, rng(), work_factor, alg);
+ });
+
+ record_result(timer);
+ }
+ }
+ }
+#endif
+
#if defined(BOTAN_HAS_SCRYPT)
void bench_scrypt(const std::string& /*provider*/,