Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UZp7d-0005lX-25 for pgsql-docs@arkaria.postgresql.org; Tue, 07 May 2013 21:08:29 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.72) (envelope-from ) id 1UZp7c-0007WG-G7 for pgsql-docs@arkaria.postgresql.org; Tue, 07 May 2013 21:08:28 +0000 Received: from makus.postgresql.org ([2001:4800:7903:4::125]) by malur.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UZp7b-0007VF-1h for pgsql-docs@postgresql.org; Tue, 07 May 2013 21:08:27 +0000 Received: from mail-oa0-f47.google.com ([209.85.219.47]) by makus.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UZp7Y-0003dj-DJ for pgsql-docs@postgresql.org; Tue, 07 May 2013 21:08:26 +0000 Received: by mail-oa0-f47.google.com with SMTP id m1so1274561oag.34 for ; Tue, 07 May 2013 14:08:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:date:x-google-sender-auth:message-id :subject:from:to:content-type; bh=LeJSKKD8ITcCBnqfbUbhXG9a+5qWT1c3N1ZWLKw0jzM=; b=bWtkaW61jRjYEDqmB41qc9lFOA3ng9Tnz8s4wvMjTqOsoUZlmY0EOAGf26+l2gwXVb J1Y35ZRi07T/2kT42xNKC2RIvYR/HHG5rFwqh3PZszfBZTSfOtnPTrghwcSFnURDeOdK YIf7Ty9BrFpnD70AfEFpYTyzfJjng9SyTBCEgBMJPxPHg+hrm7UaiH90LVarCA3W3Bcq WCU4jC82YLEY0+1AcaPpuyErTVdKDyIfZQkyq/Kft+bAE6+XKcrIPyJROevk7wHmojfF MHYe2xaPpkCc8GKR66Kb//WqXPAO7WyIQ8KK/WW5ODuEILg2xa61Nq/ltHivuR9NX8fV qN0Q== MIME-Version: 1.0 X-Received: by 10.60.148.169 with SMTP id tt9mr1098310oeb.62.1367960903381; Tue, 07 May 2013 14:08:23 -0700 (PDT) Received: by 10.182.102.2 with HTTP; Tue, 7 May 2013 14:08:23 -0700 (PDT) Date: Tue, 7 May 2013 14:08:23 -0700 X-Google-Sender-Auth: gnwCJJEy_cm2WrF6JLJc3ZqPLJ0 Message-ID: Subject: pgcrypto docs From: Miles Elam To: pgsql-docs@postgresql.org Content-Type: multipart/alternative; boundary=047d7b2e0b1bb67b2504dc27372f X-Pg-Spam-Score: -0.8 (/) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-docs Precedence: bulk Sender: pgsql-docs-owner@postgresql.org --047d7b2e0b1bb67b2504dc27372f Content-Type: text/plain; charset=ISO-8859-1 Currently the docs show various stats on hashes per second and time needed to find a particular key. Unfortunately since the times are based upon a Pentium 4 @1.5GHz, I worry that many would take the advice on that page at face value, e.g., "more than 100/sec is too much while less than 4/sec is too few," with a P4 in mind. Using a first-generation Core i5 processor as a baseline, we're looking roughly at about a 64x increase in processing power, not including any dedicated crypto processing in hardware like their AES extensions. The new table, simplistically adjusted by 64x is as follows. Algorithm Hashes/sec For [a-z] For [A-Za-z0-9] -------------------------------------------- crypt-bf/8 1792 4 years 3927 years crypt-bf/7 3648 2 years 1929 years crypt-bf/6 7168 1 year 982 years crypt-bf/5 13504 188 days 521 years crypt-md5 171584 15 days 41 years crypt-des 23221568 157.5 minutes 108 days sha1 37774272 90 minutes 68 days md5 150085504 22.5 minutes 17 days -------------------------------------------- Perhaps with a more up to date dataset, users would be far less likely to use far more turns of blowfish and be far more (read: appropriately) averse to using schemes like md5. After all, who wants to use a hash that can be cracked on 2-year old mainstream consumer processors in less than half an hour, let alone dedicated hardware with real money behind it. Unfortunately I only have laptops, no desktops these days. (A sign of the times?) So while I could re-run these benchmarks on a mobile i3, I don't know if that is what is appropriate for this data table. Anyway, food for thought. Cheers, Miles Elam --047d7b2e0b1bb67b2504dc27372f Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Currently the docs show= various stats on hashes per second and time needed to find a particular ke= y.=A0 Unfortunately since the times are based upon a Pentium 4 @1.5GHz, I w= orry that many would take the advice on that page at face value, e.g., &quo= t;more than 100/sec is too much while less than 4/sec is too few," wit= h a P4 in mind.

Using a first-generation Core i5 processor as a baseline, we'= re looking roughly at about a 64x increase in processing power, not includi= ng any dedicated crypto processing in hardware like their AES extensions.
The new table, simplistically adjusted by 64x is as follows.
<= br>Algorithm=A0=A0=A0 Hashes/sec=A0=A0=A0 For [a-z]=A0=A0=A0 For [A-Za-z0-9= ]
--------------------------------------------
crypt-bf/8=A0=A0=A0 17= 92=A0=A0=A0 4 years=A0=A0=A0 3927 years
crypt-bf/7=A0=A0=A0 3648=A0=A0=A0 2 years=A0=A0=A0 1929 years
crypt-bf/6= =A0=A0=A0 7168=A0=A0=A0 1 year=A0=A0=A0=A0 982 years
crypt-bf/5=A0=A0=A0= 13504=A0 188 days=A0=A0=A0 521 years
crypt-md5=A0=A0=A0 171584=A0=A0=A0= 15 days=A0=A0=A0 41 years
crypt-des=A0=A0=A0 23221568=A0=A0=A0 157.5 mi= nutes=A0=A0=A0 108 days
sha1=A0=A0=A0 37774272=A0=A0=A0 90 minutes=A0=A0=A0 68 days
md5=A0=A0=A0= 150085504=A0=A0=A0 22.5 minutes=A0=A0=A0 17 days
----------------------= ----------------------

Perhaps with a more up to date dataset,= users would be far less likely to use far more turns of blowfish and be fa= r more (read: appropriately) averse to using schemes like md5.=A0 After all= , who wants to use a hash that can be cracked on 2-year old mainstream cons= umer processors in less than half an hour, let alone dedicated hardware wit= h real money behind it.

Unfortunately I only have laptops, no desktops these days.=A0 (A = sign of the times?)=A0 So while I could re-run these benchmarks on a mobile= i3, I don't know if that is what is appropriate for this data table.
Anyway, food for thought.


Cheers,

M= iles Elam

--047d7b2e0b1bb67b2504dc27372f--