Received: from malur.postgresql.org ([217.196.149.56])
 by arkaria.postgresql.org with esmtp (Exim 4.80) (envelope-from
 <pgsql-docs-owner+M7851=pgsql+2Ddocs=arkaria.postgresql.org@postgresql.org>)
 id 1VoGSo-0005wb-Uo
 for pgsql-docs@arkaria.postgresql.org; Wed, 04 Dec 2013 17:42:19 +0000
Received: from localhost ([127.0.0.1] helo=postgresql.org)
 by malur.postgresql.org with smtp (Exim 4.80) (envelope-from
 <pgsql-docs-owner+M7851=pgsql+2Ddocs=arkaria.postgresql.org@postgresql.org>)
 id 1VoGSo-0001pN-9J
 for pgsql-docs@arkaria.postgresql.org; Wed, 04 Dec 2013 17:42:18 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
 by malur.postgresql.org with esmtp (Exim 4.80)
 (envelope-from <bruce@momjian.us>) id 1VoGSn-0001pG-BT
 for pgsql-docs@postgresql.org; Wed, 04 Dec 2013 17:42:17 +0000
Received: from momjian.us ([72.94.173.45])
 by magus.postgresql.org with esmtp (Exim 4.80)
 (envelope-from <bruce@momjian.us>) id 1VoGSf-0002ur-Rh
 for pgsql-docs@postgresql.org; Wed, 04 Dec 2013 17:42:16 +0000
Received: from bruce by momjian.us with local (Exim 4.72)
 (envelope-from <bruce@momjian.us>)
 id 1VoGSe-00061h-14; Wed, 04 Dec 2013 12:42:08 -0500
Date: Wed, 4 Dec 2013 12:42:08 -0500
From: Bruce Momjian <bruce@momjian.us>
To: Miles Elam <mileselam+postgresql@gmail.com>
Cc: pgsql-docs@postgresql.org
Subject: Re: pgcrypto docs
Message-ID: <20131204174208.GF17114@momjian.us>
References: 
 <CAPVvHdPj5rmf294FbWi2TuEy=hSxZMNjTURESaM5zY8P_wCJMg@mail.gmail.com>
 <4820.1367964343@sss.pgh.pa.us>
 <CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Y5rl02BVI9TCfPar"
Content-Disposition: inline
In-Reply-To: 
 <CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
X-Pg-Spam-Score: -1.9 (-)
List-Archive: <http://archives.postgresql.org/pgsql-docs>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-docs.postgresql.org>
List-Owner: <mailto:pgsql-docs-owner@postgresql.org>
List-Post: <mailto:pgsql-docs@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-docs>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-docs>
X-Mailing-List: pgsql-docs
Precedence: bulk
Sender: pgsql-docs-owner@postgresql.org


--Y5rl02BVI9TCfPar
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, May  7, 2013 at 03:47:43PM -0700, Miles Elam wrote:
> Personally I've found the relative times instructive, merely outdated.  Perhaps
> using md5 as a baseline and evaluating estimates relative to that baseline?
> 
> md5 = 1
> sha1 = 4
> crypt-des = 7
> crypt-md5 = 1,000
> crypt-bf/5 = 12,500
> crypt-bf/6 = 25,000
> crypt-bf/7 = 50,000
> crypt-bf/8 = 100,000
> 
> This way, with the caveat that performance will vary from machine to machine,
> there is a sense of the relative costs of using each algorithm, which does not
> change as wildly with time.  It lets people know how bad md5 and sha1 are for
> protecting passwords et al.  It also demonstrates that each turn of blowfish in
> this module effectively doubles the time needed to crack and halves the number
> of hashes one can perform.
> 
> In short, I'd hate for the baby to be thrown out with the bathwater.

I have used your new testing times, plus added these relative
measurements, which shoud give us the best of both worlds.  Patch
attached; you can see the results here:

	http://momjian.us/tmp/pgsql/pgcrypto.html

What speed was the I5 CPU you used?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +

--Y5rl02BVI9TCfPar
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="crypto_timing.diff"

diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
new file mode 100644
index 57d3401..0d04f7e
*** a/doc/src/sgml/pgcrypto.sgml
--- b/doc/src/sgml/pgcrypto.sgml
*************** gen_salt(type text [, iter_count integer
*** 312,367 ****
         <entry>Hashes/sec</entry>
         <entry>For <literal>[a-z]</></entry>
         <entry>For <literal>[A-Za-z0-9]</></entry>
        </row>
       </thead>
       <tbody>
        <row>
         <entry><literal>crypt-bf/8</></entry>
!        <entry>28</entry>
!        <entry>246 years</entry>
!        <entry>251322 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/7</></entry>
!        <entry>57</entry>
!        <entry>121 years</entry>
!        <entry>123457 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/6</></entry>
!        <entry>112</entry>
!        <entry>62 years</entry>
!        <entry>62831 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/5</></entry>
!        <entry>211</entry>
!        <entry>33 years</entry>
!        <entry>33351 years</entry>
        </row>
        <row>
         <entry><literal>crypt-md5</></entry>
!        <entry>2681</entry>
!        <entry>2.6 years</entry>
!        <entry>2625 years</entry>
        </row>
        <row>
         <entry><literal>crypt-des</></entry>
!        <entry>362837</entry>
!        <entry>7 days</entry>
!        <entry>19 years</entry>
        </row>
        <row>
         <entry><literal>sha1</></entry>
!        <entry>590223</entry>
!        <entry>4 days</entry>
!        <entry>12 years</entry>
        </row>
        <row>
         <entry><literal>md5 hash</></entry>
!        <entry>2345086</entry>
!        <entry>1 day</entry>
!        <entry>3 years</entry>
        </row>
       </tbody>
      </tgroup>
--- 312,376 ----
         <entry>Hashes/sec</entry>
         <entry>For <literal>[a-z]</></entry>
         <entry>For <literal>[A-Za-z0-9]</></entry>
+        <entry>Duration relative to <literal>md5 hash</></entry>
        </row>
       </thead>
       <tbody>
        <row>
         <entry><literal>crypt-bf/8</></entry>
!        <entry>1792</entry>
!        <entry>4 years</entry>
!        <entry>3927 years</entry>
!        <entry>100k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/7</></entry>
!        <entry>3648</entry>
!        <entry>2 years</entry>
!        <entry>1929 years</entry>
!        <entry>50k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/6</></entry>
!        <entry>7168</entry>
!        <entry>1 year</entry>
!        <entry>982 years</entry>
!        <entry>25k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/5</></entry>
!        <entry>13504</entry>
!        <entry>188 days</entry>
!        <entry>521 years</entry>
!        <entry>12.5k</entry>
        </row>
        <row>
         <entry><literal>crypt-md5</></entry>
!        <entry>171584</entry>
!        <entry>15 days</entry>
!        <entry>41 years</entry>
!        <entry>1k</entry>
        </row>
        <row>
         <entry><literal>crypt-des</></entry>
!        <entry>23221568</entry>
!        <entry>157.5 minutes</entry>
!        <entry>108 days</entry>
!        <entry>7</entry>
        </row>
        <row>
         <entry><literal>sha1</></entry>
!        <entry>37774272</entry>
!        <entry>90 minutes</entry>
!        <entry>68 days</entry>
!        <entry>4</entry>
        </row>
        <row>
         <entry><literal>md5 hash</></entry>
!        <entry>150085504</entry>
!        <entry>22.5 minutes</entry>
!        <entry>17 days</entry>
!        <entry>1</entry>
        </row>
       </tbody>
      </tgroup>
*************** gen_salt(type text [, iter_count integer
*** 374,380 ****
     <itemizedlist>
      <listitem>
       <para>
!      The machine used is a 1.5GHz Pentium 4.
       </para>
      </listitem>
      <listitem>
--- 383,389 ----
     <itemizedlist>
      <listitem>
       <para>
!      The machine used is an Intel Core i5.
       </para>
      </listitem>
      <listitem>

--Y5rl02BVI9TCfPar
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0


-- 
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

--Y5rl02BVI9TCfPar--