apr-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: digest functions and validation - part 2
Date Fri, 09 May 2014 19:07:37 GMT
On Friday, 9 May 2014, 14:26:26, Helmut Tessarek wrote:
> Thanks for the answer.
> 
> On 09.05.14 3:22 , Stefan Fritsch wrote:
> > No. But which password hashing algorithms are used/supported by
> > apr_password_validate() is rather unrelated to which digest
> > functions are made available with a public interface. For
> > password hashing, apr-util has been supporting bcrypt since
> > version 1.5.
> 
> It's great to have bcrypt available, but I hoped that Ulrich
> Drepper's sha256 and sha512 implementations would be part as well.
> His code is public domain, so it shouldn't be a license issue. At
> the moment, bcrypt is the only safe choice really. Doesn't this
> seem a bit strange to you?
> IMO Ulrich's functions are standard these days and APR should
> include them, just my 2 cents.

bcrypt has a smaller speed-up from normal CPUs to GPUs than 
sha256crypt/sha512crypt. This means if you tune the rounds to make 
bcrypt give you the same level of security as sha*crypt, bcrypt is 
faster. For the normal login on a server, this is not really relevant 
(100ms or 500ms, who cares). But in a web server, speed is very 
relevant. You may need to do 10000s of password checks per second. You 
cannot increase the number of rounds arbitrarily.

Therefore bcrypt is more secure than sha*crypt for web servers. I 
don't see any reason to add a less secure algorithm. And I didn't 
choose scrypt because I felt it was still rather new when I included 
bcrypt support in apr.

However, there is a contest for password hashing algorithms [1]. If 
there is some winner, and after the winner has seen some scrutiny from 
cryptanalysts, it may make sense to include that into apr.

[1] https://password-hashing.net/

> 
> > What is missing is the support in httpd 2.2's htpasswd to generate
> > hashes with bcrypt. And even in 2.4, bcrypt is not yet used by
> > default. Both things should be changed, but are entirely
> > unrelated to apr.
> Yes, the httpd project seems strangely slow at times. It almost
> reminds me of IBM, where I worked for 17 years. (You have a great
> idea, which takes you half a day to implement (which you do), but
> then it takes 2 years (and a lot of administrative processes) to
> get it into a product - if at all.)


It's more like openssl. Considering the huge userbase of httpd and its 
importance for the internet's infrastructure, there are very few 
developer resources available.
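
An added example, not part of the original message and not apr or httpd code: a small audit that classifies htpasswd-style entries by hash prefix and reports each entry's work factor, so entries that are not bcrypt (or use a low bcrypt cost) can be scheduled for rehashing. The sample file content is constructed, and the `min_bcrypt_cost=10` threshold is an assumed policy value, not something stated in the thread.

```python
import re

# Constructed sample htpasswd content; users and hash strings are made up.
SAMPLE = """\
alice:$2y$05$abcdefghijklmnopqrstuuJ0Q9Zx1c3m5o7q9s1u3w5y7A9C1E3G5
bob:$apr1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:$6$rounds=100000$saltsalt$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
erin:abJnggxhB/yWI
# comment line
frank:$2y$12$abcdefghijklmnopqrstuuJ0Q9Zx1c3m5o7q9s1u3w5y7A9C1E3G5
"""

BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$")
SHACRYPT = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?")

def classify(hash_field):
    """Return (scheme, work_factor) from the hash prefix; work_factor may be None."""
    m = BCRYPT.match(hash_field)
    if m:
        return "bcrypt", int(m.group(1))        # cost = log2 of the iteration count
    m = SHACRYPT.match(hash_field)
    if m:
        name = "sha256crypt" if m.group(1) == "5" else "sha512crypt"
        return name, int(m.group(2) or 5000)    # 5000 rounds when none are given
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", None
    if hash_field.startswith("{SHA}"):
        return "sha1-unsalted", None
    return "crypt-or-plaintext", None           # legacy crypt() or unhashed value

def audit(text, min_bcrypt_cost=10):
    """Return (user, scheme, work_factor, needs_rehash) for every entry."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme, wf = classify(hash_field)
        needs_rehash = scheme != "bcrypt" or wf < min_bcrypt_cost
        rows.append((user, scheme, wf, needs_rehash))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```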

