Update password hashing default settings

Bcrypt work factor 10 is looking pretty low these days, as is 100K
iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K,
and also transition passhash9 to using SHA-512 instead of SHA-256.

Also document bcrypt better, and add speed tests for bcrypt and passhash9

5 files changed, 71 insertions, 4 deletions

diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 42172f38d..0efb34ba1 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -114,6 +114,14 @@
    #include <botan/scrypt.h>
 #endif
 
+#if defined(BOTAN_HAS_BCRYPT)
+   #include <botan/bcrypt.h>
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+   #include <botan/passhash9.h>
+#endif
+
 namespace Botan_CLI {
 
 namespace {
@@ -908,6 +916,18 @@ class Speed final : public Command
                bench_scrypt(provider, msec);
                }
 #endif
+#if defined(BOTAN_HAS_BCRYPT)
+            else if(algo == "bcrypt")
+               {
+               bench_bcrypt();
+               }
+#endif
+#if defined(BOTAN_HAS_PASSHASH9)
+            else if(algo == "passhash9")
+               {
+               bench_passhash9();
+               }
+#endif
 
 #if defined(BOTAN_HAS_DL_GROUP)
             else if(algo == "modexp")
@@ -2157,6 +2177,51 @@ class Speed final : public Command
          }
 #endif
 
+#if defined(BOTAN_HAS_BCRYPT)
+
+      void bench_bcrypt()
+         {
+         const std::string password = "not a very good password";
+
+         for(uint8_t work_factor = 4; work_factor <= 14; ++work_factor)
+            {
+            std::unique_ptr<Timer> timer = make_timer("bcrypt wf=" + std::to_string(work_factor));
+
+            timer->run([&] {
+               Botan::generate_bcrypt(password, rng(), work_factor);
+                  });
+
+            record_result(timer);
+            }
+         }
+#endif
+
+#if defined(BOTAN_HAS_PASSHASH9)
+
+      void bench_passhash9()
+         {
+         const std::string password = "not a very good password";
+
+         for(uint8_t alg = 0; alg <= 4; ++alg)
+            {
+            if(Botan::is_passhash9_alg_supported(alg) == false)
+               continue;
+
+            for(uint8_t work_factor : { 10, 15 })
+               {
+               std::unique_ptr<Timer> timer = make_timer("passhash9 alg=" + std::to_string(alg) +
+                                                         " wf=" + std::to_string(work_factor));
+
+               timer->run([&] {
+                  Botan::generate_passhash9(password, rng(), work_factor, alg);
+                  });
+
+               record_result(timer);
+               }
+            }
+         }
+#endif
+
 #if defined(BOTAN_HAS_SCRYPT)
 
       void bench_scrypt(const std::string& /*provider*/,
diff --git a/src/lib/passhash/bcrypt/bcrypt.h b/src/lib/passhash/bcrypt/bcrypt.h
index 7d46e836c..cdf9cf3d1 100644
--- a/src/lib/passhash/bcrypt/bcrypt.h
+++ b/src/lib/passhash/bcrypt/bcrypt.h
@@ -33,7 +33,7 @@ class RandomNumberGenerator;
 */
 std::string BOTAN_PUBLIC_API(2,0) generate_bcrypt(const std::string& password,
                                                   RandomNumberGenerator& rng,
-                                                  uint16_t work_factor = 10,
+                                                  uint16_t work_factor = 12,
                                                   char version = 'a');
 
 /**
diff --git a/src/lib/passhash/passhash9/passhash9.cpp b/src/lib/passhash/passhash9/passhash9.cpp
index 9b4a31370..98f5a54d5 100644
--- a/src/lib/passhash/passhash9/passhash9.cpp
+++ b/src/lib/passhash/passhash9/passhash9.cpp
@@ -46,6 +46,8 @@ std::string generate_passhash9(const std::string& pass,
                                uint16_t work_factor,
                                uint8_t alg_id)
    {
+   BOTAN_ARG_CHECK(work_factor > 0 && work_factor < 512, "Invalid Passhash9 work factor");
+
    std::unique_ptr<MessageAuthenticationCode> prf = get_pbkdf_prf(alg_id);
 
    if(!prf)
diff --git a/src/lib/passhash/passhash9/passhash9.h b/src/lib/passhash/passhash9/passhash9.h
index 5844c9f22..b312cb1bf 100644
--- a/src/lib/passhash/passhash9/passhash9.h
+++ b/src/lib/passhash/passhash9/passhash9.h
@@ -30,8 +30,8 @@ class RandomNumberGenerator;
 */
 std::string BOTAN_PUBLIC_API(2,0) generate_passhash9(const std::string& password,
                                          RandomNumberGenerator& rng,
-                                         uint16_t work_factor = 10,
-                                         uint8_t alg_id = 1);
+                                         uint16_t work_factor = 15,
+                                         uint8_t alg_id = 4);
 
 /**
 * Check a previously created password hash
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index 340d87e6b..6c0355a18 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -542,7 +542,7 @@ def cli_speed_tests():
             logging.error("Unexpected line %s", line)
 
     math_ops = ['mp_mul', 'modexp', 'random_prime', 'inverse_mod', 'rfc3394', 'fpe_fe1',
-                'bn_redc', 'nistp_redc', 'ecc_mult', 'ecc_ops', 'os2ecp']
+                'bn_redc', 'nistp_redc', 'ecc_mult', 'ecc_ops', 'os2ecp', 'bcrypt', 'passhash9']
 
     format_re = re.compile(r'^.* [0-9]+ /sec; [0-9]+\.[0-9]+ ms/op .*\([0-9]+ (op|ops) in [0-9]+(\.[0-9]+)? ms\)')
     for op in math_ops: