public inbox for [email protected]  
From: Miles Elam <[email protected]>
To: [email protected]
Subject: Re: pgcrypto docs
Date: Tue, 7 May 2013 15:47:43 -0700
Message-ID: <CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAPVvHdPj5rmf294FbWi2TuEy=hSxZMNjTURESaM5zY8P_wCJMg@mail.gmail.com>
	<[email protected]>

Personally I've found the relative times instructive, merely outdated.
Perhaps using md5 as a baseline and evaluating estimates relative to that
baseline?

md5 = 1
sha1 = 4
crypt-des = 7
crypt-md5 = 1,000
crypt-bf/5 = 12,500
crypt-bf/6 = 25,000
crypt-bf/7 = 50,000
crypt-bf/8 = 100,000

This way, with the caveat that performance will vary from machine to
machine, there is a sense of the relative costs of using each algorithm,
which does not change as wildly with time.  It lets people know how bad md5
and sha1 are for protecting passwords et al.  It also demonstrates that
each turn of blowfish in this module effectively doubles the time needed to
crack and halves the number of hashes one can perform.

In short, I'd hate for the baby to be thrown out with the bathwater.


Cheers,

Miles Elam



On Tue, May 7, 2013 at 3:05 PM, Tom Lane <[email protected]> wrote:

> Miles Elam <[email protected]> writes:
> > Currently the docs show various stats on hashes per second and time needed
> > to find a particular key.  Unfortunately since the times are based upon a
> > Pentium 4 @1.5GHz, I worry that many would take the advice on that page at
> > face value, e.g., "more than 100/sec is too much while less than 4/sec is
> > too few," with a P4 in mind.
>
> It seems like this table is guaranteed to be obsolete in a few years
> no matter what.  Can we get rid of it entirely?
>
>                         regards, tom lane
>
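
Added example (not part of the thread or of the PostgreSQL documentation): a PL/pgSQL block that measures, on the local server, each algorithm's cost relative to md5, the baseline proposed in the message above. The password `pw`, the timing floor `min_secs` and the batch-doubling scheme are assumptions of this sketch; it needs the pgcrypto extension.

```sql
CREATE EXTENSION IF NOT EXISTS pgcrypto;

DO $$
DECLARE
    pw        CONSTANT text := 'constructed-sample-password';  -- constructed input
    min_secs  CONSTANT double precision := 0.5;  -- assumed minimum timed run per algorithm
    algo      text;
    salt      text;
    n         bigint;
    t0        timestamptz;
    elapsed   double precision;
    per_hash  double precision;
    md5_cost  double precision;
BEGIN
    FOREACH algo IN ARRAY ARRAY['md5', 'sha1', 'crypt-des', 'crypt-md5',
                                'crypt-bf/5', 'crypt-bf/6', 'crypt-bf/7', 'crypt-bf/8']
    LOOP
        -- Generate the salt once, outside the timed region; NULL means a raw digest.
        salt := CASE
            WHEN algo = 'crypt-des'     THEN gen_salt('des')
            WHEN algo = 'crypt-md5'     THEN gen_salt('md5')
            WHEN algo LIKE 'crypt-bf/%' THEN gen_salt('bf', split_part(algo, '/', 2)::int)
        END;
        n := 1;
        LOOP  -- double the batch size until the run is long enough to time reliably
            t0 := clock_timestamp();
            -- The input varies per row so an immutable call cannot be folded to a constant.
            IF salt IS NULL THEN
                PERFORM digest(pw || g, algo) FROM generate_series(1, n) AS g;
            ELSE
                PERFORM crypt(pw || g, salt) FROM generate_series(1, n) AS g;
            END IF;
            elapsed := extract(epoch FROM clock_timestamp() - t0);
            EXIT WHEN elapsed >= min_secs;
            n := n * 2;
        END LOOP;
        per_hash := elapsed / n;
        IF algo = 'md5' THEN
            md5_cost := per_hash;  -- baseline: md5 = 1
        END IF;
        -- Per-row executor overhead inflates the fast digests, so ratios are approximate.
        RAISE NOTICE '%  % hashes/sec, cost relative to md5 = %', rpad(algo, 10),
            round(1 / per_hash), round((per_hash / md5_cost)::numeric, 1);
    END LOOP;
END
$$;
```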

