Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <current-users@netbsd.org>
From: None <xs@kittenz.org>
List: current-users
Date: 05/23/2002 12:42:05
on Thu, May 23, 2002 at 12:43:44PM +0200, Martin Husemann wrote:
> > Yeah, I want it and I guess more people too :)
> 
> Excuse my ignorance, I don't know if I want it ;-)
> 
> Can someone point me to a paper or similar comparing pros and cons of
> blowfish, MD5, (IDEA?) and traditional crypt used for UNIX password storing?

Hopefully with password algorithms the fastest way to break them is by brute
force. Below are some relative numbers generated by pkgsrc/security/john.
Lower is better.
With Blowfish the key length is variable up to 448 bits.

Any opinions on SRP (http://srp.stanford.edu/) as a password mechanism for
local and remote users?
(It wouldn't work as a crypt() replacement because it issues challenges.)


John the Ripper benchmarks, done on a fairly quiet PII 350MHz:
c/s = combinations (of logins and passwords) per second

Benchmarking: Standard DES [48/64 4K]... DONE
Many salts:	50662 c/s real, 50662 c/s virtual
Only one salt:	46310 c/s real, 46496 c/s virtual

Benchmarking: BSDI DES (x725) [48/64 4K]... DONE
Many salts:	1731 c/s real, 1731 c/s virtual
Only one salt:	1467 c/s real, 1470 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw:	881 c/s real, 881 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw:	52.4 c/s real, 52.6 c/s virtual

Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
Short:	45465 c/s real, 45465 c/s virtual
Long:	102092 c/s real, 102092 c/s virtual

Benchmarking: NT LM DES [48/64 4K]... DONE
Raw:	288550 c/s real, 289709 c/s virtual
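
Added example, not part of the original post: a Python script that parses the benchmark output above and, for each hash, reports its cost factor relative to Standard DES and the hours the benchmarked machine would need to try a fixed number of candidates. The function names and the candidate count (26^6, every six-letter lowercase password) are assumptions chosen for illustration.

```python
import re

# John the Ripper output copied from the post above (whitespace normalised).
BENCH = """\
Benchmarking: Standard DES [48/64 4K]... DONE
Many salts: 50662 c/s real, 50662 c/s virtual
Only one salt: 46310 c/s real, 46496 c/s virtual
Benchmarking: BSDI DES (x725) [48/64 4K]... DONE
Many salts: 1731 c/s real, 1731 c/s virtual
Only one salt: 1467 c/s real, 1470 c/s virtual
Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 881 c/s real, 881 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw: 52.4 c/s real, 52.6 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
Short: 45465 c/s real, 45465 c/s virtual
Long: 102092 c/s real, 102092 c/s virtual
Benchmarking: NT LM DES [48/64 4K]... DONE
Raw: 288550 c/s real, 289709 c/s virtual
"""
HEADER = re.compile(r"^Benchmarking: (?P<name>.+?) \[[^\]]*\]\.\.\. DONE$")
RATE = re.compile(r"^(?P<mode>[^:]+):\s*(?P<real>[\d.]+) c/s real")

def parse_bench(text):
    """Return {algorithm: {mode: real c/s}} from benchmark output."""
    results, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = results.setdefault(header.group("name"), {})
        else:
            rate = RATE.match(line)
            if rate and current is not None:
                current[rate.group("mode")] = float(rate.group("real"))
    return results

def report(results, baseline="Standard DES", candidates=26 ** 6):
    """Rows of (name, c/s, cost factor vs baseline, hours to try `candidates`).

    Uses the fastest mode per algorithm (the defender's conservative choice);
    `candidates` is an assumed guess count, not a figure from the post.
    """
    base = max(results[baseline].values())
    rows = []
    for name, modes in results.items():
        rate = max(modes.values())
        rows.append((name, rate, base / rate, candidates / rate / 3600))
    return sorted(rows, key=lambda row: row[1])  # slowest to attack first

if __name__ == "__main__":
    for name, rate, factor, hours in report(parse_bench(BENCH)):
        print(f"{name:24} {rate:>9.1f} c/s  x{factor:8.2f}  {hours:9.1f} h")
```

The hours column scales linearly with attacker hardware, so only the ratios between rows carry over to other machines.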