public inbox for [email protected]
help / color / mirror / Atom feedFrom: Miles Elam <[email protected]>
To: [email protected]
Subject: pgcrypto docs
Date: Tue, 7 May 2013 14:08:23 -0700
Message-ID: <CAPVvHdPj5rmf294FbWi2TuEy=hSxZMNjTURESaM5zY8P_wCJMg@mail.gmail.com> (raw)
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-docs>
Currently the docs show various stats on hashes per second and time needed
to find a particular key. Unfortunately since the times are based upon a
Pentium 4 @1.5GHz, I worry that many would take the advice on that page at
face value, e.g., "more than 100/sec is too much while less than 4/sec is
too few," with a P4 in mind.
Using a first-generation Core i5 processor as a baseline, we're looking
roughly at about a 64x increase in processing power, not including any
dedicated crypto processing in hardware like their AES extensions.
The new table, simplistically adjusted by 64x is as follows.
Algorithm Hashes/sec For [a-z] For [A-Za-z0-9]
--------------------------------------------
crypt-bf/8 1792 4 years 3927 years
crypt-bf/7 3648 2 years 1929 years
crypt-bf/6 7168 1 year 982 years
crypt-bf/5 13504 188 days 521 years
crypt-md5 171584 15 days 41 years
crypt-des 23221568 157.5 minutes 108 days
sha1 37774272 90 minutes 68 days
md5 150085504 22.5 minutes 17 days
--------------------------------------------
Perhaps with a more up to date dataset, users would be far less likely to
use far more turns of blowfish and be far more (read: appropriately) averse
to using schemes like md5. After all, who wants to use a hash that can be
cracked on 2-year old mainstream consumer processors in less than half an
hour, let alone dedicated hardware with real money behind it.
Unfortunately I only have laptops, no desktops these days. (A sign of the
times?) So while I could re-run these benchmarks on a mobile i3, I don't
know if that is what is appropriate for this data table.
Anyway, food for thought.
Cheers,
Miles Elam
view thread (5+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: pgcrypto docs
In-Reply-To: <CAPVvHdPj5rmf294FbWi2TuEy=hSxZMNjTURESaM5zY8P_wCJMg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox