Re: crypt_r()?

To: tech-userlevel%NetBSD.org@localhost
Subject: Re: crypt_r()?
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Wed, 16 Feb 2022 14:19:54 +0100

Am Tue, Feb 15, 2022 at 08:04:29PM -0500 schrieb Mouse:
> > Given that the goal of the crypt(3) interface is to be slow,
> > optimizing a memory allocation away saves nothing, except making a
> > more complicated interface.
> 
> I disagree.  It saves a bunch of error paths.  Many (most? all?) of the
> password hashing algorithms run, or can be made to run, without needing
> any heap memory at all, if you use a caller-provided buffer for the
> returned string.  I really don't like making them depend on malloc,
> though I have a hard time articulating what bothers me about it.

All modern password hashing algorithms use a large memory buffers and
will attempt to scale them according to system ressources. This applies
at least to ARGON2 (which we include) and scrypt. Thi is an essential
hardening step against FPGA/custom ASIC implementations. Even ignoring
that, the application has to deal with errors at least from general
password hashing function anyway, so there is no extra complexity in the
application.

Joerg

Follow-Ups:
- Re: crypt_r()?
  - From: Mouse

References:
- crypt_r()?
  - From: Thomas Klausner
- Re: crypt_r()?
  - From: Niclas Rosenvik
- Re: crypt_r()?
  - From: Joerg Sonnenberger
- Re: crypt_r()?
  - From: Niclas Rosenvik
- Re: crypt_r()?
  - From: Joerg Sonnenberger
- Re: crypt_r()?
  - From: Mouse

Prev by Date: Re: crypt_r()?
Next by Date: Re: crypt_r()?
Previous by Thread: Re: crypt_r()?
Next by Thread: Re: crypt_r()?
Indexes:

Home | Main Index | Thread Index | Old Index