author | Jack Lloyd <[email protected]> | 2018-07-13 21:24:55 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-07-13 21:24:55 -0400 |
commit | f05cd9faf4140c38bbb10758fc010843b6bdead3 (patch) | |
tree | 67220e816e9a737661663991f1fcd1c4a66d0632 /src/cli | |
parent | 3e616dd02b7858865c4b8312312b6f66a96f4d33 (diff) |
Update password hashing default settings
Bcrypt work factor 10 is looking pretty low these days, as is 100K
iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K,
and also transition passhash9 to using SHA-512 instead of SHA-256.
Also document bcrypt better, and add speed tests for bcrypt and passhash9
Diffstat (limited to 'src/cli')
-rw-r--r-- | src/cli/speed.cpp | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 42172f38d..0efb34ba1 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -114,6 +114,14 @@
 #include <botan/scrypt.h>
 #endif
+#if defined(BOTAN_HAS_BCRYPT)
+ #include <botan/bcrypt.h>
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+ #include <botan/passhash9.h>
+#endif
+
 namespace Botan_CLI {
 namespace {
@@ -908,6 +916,18 @@ class Speed final : public Command
 bench_scrypt(provider, msec);
 }
 #endif
+#if defined(BOTAN_HAS_BCRYPT)
+ else if(algo == "bcrypt")
+ {
+ bench_bcrypt();
+ }
+#endif
+#if defined(BOTAN_HAS_PASSHASH9)
+ else if(algo == "passhash9")
+ {
+ bench_passhash9();
+ }
+#endif
 #if defined(BOTAN_HAS_DL_GROUP)
 else if(algo == "modexp")
@@ -2157,6 +2177,51 @@ class Speed final : public Command
 }
 #endif
+#if defined(BOTAN_HAS_BCRYPT)
+
+ void bench_bcrypt()
+ {
+ const std::string password = "not a very good password";
+
+ for(uint8_t work_factor = 4; work_factor <= 14; ++work_factor)
+ {
+ std::unique_ptr<Timer> timer = make_timer("bcrypt wf=" + std::to_string(work_factor));
+
+ timer->run([&] {
+ Botan::generate_bcrypt(password, rng(), work_factor);
+ });
+
+ record_result(timer);
+ }
+ }
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+
+ void bench_passhash9()
+ {
+ const std::string password = "not a very good password";
+
+ for(uint8_t alg = 0; alg <= 4; ++alg)
+ {
+ if(Botan::is_passhash9_alg_supported(alg) == false)
+ continue;
+
+ for(uint8_t work_factor : { 10, 15 })
+ {
+ std::unique_ptr<Timer> timer = make_timer("passhash9 alg=" + std::to_string(alg) +
+ " wf=" + std::to_string(work_factor));
+
+ timer->run([&] {
+ Botan::generate_passhash9(password, rng(), work_factor, alg);
+ });
+
+ record_result(timer);
+ }
+ }
+ }
+#endif
+
 #if defined(BOTAN_HAS_SCRYPT)
 void bench_scrypt(const std::string& /*provider*/, |
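Review bot: `bench_bcrypt()` and `bench_passhash9()` are dispatched without `msec`, while the `bench_scrypt(provider, msec)` call just above them receives it, so the runtime the user requests has no visible effect on these two benchmarks. In the third hunk each setting is timed by a single `timer->run(...)` call, which at the low end (bcrypt work factor 4) is one very short sample and likely noisy. These figures are what an operator reads when choosing a work factor, so consider taking `msec` as a parameter and repeating each measurement until that budget is spent. The enclosing if/else chain starts and ends outside the hunk.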
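Review bot: In `bench_passhash9` the loop bound `alg <= 4` is an unexplained magic number, so any passhash9 algorithm id added later is silently left out of the benchmark. A comment such as `// passhash9 algorithm ids currently run 0..4; unsupported ones are skipped below` would tie the bound to its source. The work factors `{ 10, 15 }` also need a one-line comment saying why those two were chosen; they look like the previous and new defaults from the commit message, but the hunk does not show that. As a minor style point, `for(uint8_t work_factor : { 10, 15 })` narrows `int` elements to `uint8_t` implicitly, which is harmless for these values but may trip conversion warnings.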