On 06/10/2012 06:02 AM, Simon L. B. Nielsen wrote: > Has anyone looked at how long the SHA512 password hashing actually > takes on modern computers? The "real" solution for people who care > significantly about this seems something like the algorithm pjd > implemented (I think he did it at least) for GELI, where the number of > rounds is variable and calculated so it takes X/0.X seconds on the > specific hardware used. That's of course a lot more complicated, and > I'm not sure if it would work with the crypt() API. I'm kinda curious about this: I take it you'd encode the number of rounds in the string somehow? Otherwise, the hash wouldn't be portable to another machine (or even if you upgrade the current machine). -- Matt Piechota _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"