public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Miles Elam <[email protected]>
Cc: [email protected]
Subject: Re: pgcrypto docs
Date: Wed, 4 Dec 2013 12:42:08 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com>
References: <CAPVvHdPj5rmf294FbWi2TuEy=hSxZMNjTURESaM5zY8P_wCJMg@mail.gmail.com>
<[email protected]>
<CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-docs>
On Tue, May 7, 2013 at 03:47:43PM -0700, Miles Elam wrote:
> Personally I've found the relative times instructive, merely outdated. Perhaps
> using md5 as a baseline and evaluating estimates relative to that baseline?
>
> md5 = 1
> sha1 = 4
> crypt-des = 7
> crypt-md5 = 1,000
> crypt-bf/5 = 12,500
> crypt-bf/6 = 25,000
> crypt-bf/7 = 50,000
> crypt-bf/8 = 100,000
>
> This way, with the caveat that performance will vary from machine to machine,
> there is a sense of the relative costs of using each algorithm, which does not
> change as wildly with time. It lets people know how bad md5 and sha1 are for
> protecting passwords et al. It also demonstrates that each turn of blowfish in
> this module effectively doubles the time needed to crack and halves the number
> of hashes one can perform.
>
> In short, I'd hate for the baby to be thrown out with the bathwater.
I have used your new testing times, plus added these relative
measurements, which shoud give us the best of both worlds. Patch
attached; you can see the results here:
http://momjian.us/tmp/pgsql/pgcrypto.html
What speed was the I5 CPU you used?
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
--
Sent via pgsql-docs mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs
Attachments:
[text/x-diff] crypto_timing.diff (4.0K, 2-crypto_timing.diff)
download | inline diff:
diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
new file mode 100644
index 57d3401..0d04f7e
*** a/doc/src/sgml/pgcrypto.sgml
--- b/doc/src/sgml/pgcrypto.sgml
*************** gen_salt(type text [, iter_count integer
*** 312,367 ****
<entry>Hashes/sec</entry>
<entry>For <literal>[a-z]</></entry>
<entry>For <literal>[A-Za-z0-9]</></entry>
</row>
</thead>
<tbody>
<row>
<entry><literal>crypt-bf/8</></entry>
! <entry>28</entry>
! <entry>246 years</entry>
! <entry>251322 years</entry>
</row>
<row>
<entry><literal>crypt-bf/7</></entry>
! <entry>57</entry>
! <entry>121 years</entry>
! <entry>123457 years</entry>
</row>
<row>
<entry><literal>crypt-bf/6</></entry>
! <entry>112</entry>
! <entry>62 years</entry>
! <entry>62831 years</entry>
</row>
<row>
<entry><literal>crypt-bf/5</></entry>
! <entry>211</entry>
! <entry>33 years</entry>
! <entry>33351 years</entry>
</row>
<row>
<entry><literal>crypt-md5</></entry>
! <entry>2681</entry>
! <entry>2.6 years</entry>
! <entry>2625 years</entry>
</row>
<row>
<entry><literal>crypt-des</></entry>
! <entry>362837</entry>
! <entry>7 days</entry>
! <entry>19 years</entry>
</row>
<row>
<entry><literal>sha1</></entry>
! <entry>590223</entry>
! <entry>4 days</entry>
! <entry>12 years</entry>
</row>
<row>
<entry><literal>md5 hash</></entry>
! <entry>2345086</entry>
! <entry>1 day</entry>
! <entry>3 years</entry>
</row>
</tbody>
</tgroup>
--- 312,376 ----
<entry>Hashes/sec</entry>
<entry>For <literal>[a-z]</></entry>
<entry>For <literal>[A-Za-z0-9]</></entry>
+ <entry>Duration relative to <literal>md5 hash</></entry>
</row>
</thead>
<tbody>
<row>
<entry><literal>crypt-bf/8</></entry>
! <entry>1792</entry>
! <entry>4 years</entry>
! <entry>3927 years</entry>
! <entry>100k</entry>
</row>
<row>
<entry><literal>crypt-bf/7</></entry>
! <entry>3648</entry>
! <entry>2 years</entry>
! <entry>1929 years</entry>
! <entry>50k</entry>
</row>
<row>
<entry><literal>crypt-bf/6</></entry>
! <entry>7168</entry>
! <entry>1 year</entry>
! <entry>982 years</entry>
! <entry>25k</entry>
</row>
<row>
<entry><literal>crypt-bf/5</></entry>
! <entry>13504</entry>
! <entry>188 days</entry>
! <entry>521 years</entry>
! <entry>12.5k</entry>
</row>
<row>
<entry><literal>crypt-md5</></entry>
! <entry>171584</entry>
! <entry>15 days</entry>
! <entry>41 years</entry>
! <entry>1k</entry>
</row>
<row>
<entry><literal>crypt-des</></entry>
! <entry>23221568</entry>
! <entry>157.5 minutes</entry>
! <entry>108 days</entry>
! <entry>7</entry>
</row>
<row>
<entry><literal>sha1</></entry>
! <entry>37774272</entry>
! <entry>90 minutes</entry>
! <entry>68 days</entry>
! <entry>4</entry>
</row>
<row>
<entry><literal>md5 hash</></entry>
! <entry>150085504</entry>
! <entry>22.5 minutes</entry>
! <entry>17 days</entry>
! <entry>1</entry>
</row>
</tbody>
</tgroup>
*************** gen_salt(type text [, iter_count integer
*** 374,380 ****
<itemizedlist>
<listitem>
<para>
! The machine used is a 1.5GHz Pentium 4.
</para>
</listitem>
<listitem>
--- 383,389 ----
<itemizedlist>
<listitem>
<para>
! The machine used is an Intel Core i5.
</para>
</listitem>
<listitem>
view thread (5+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgcrypto docs
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox