On Mar 15, 2013, at 3:18 AM, Andrew Findlay <[email protected]> wrote:

> On Thu, Mar 14, 2013 at 08:19:12PM +0100, Michael Ströder wrote:
> 
>>>>     userpasswordvalue  = cleartext-password / prefix hashed-password
>>> 
>>> I think you should replace "hashed-password" with "scheme-specific data" and
>>> stop there.
>> 
>> That's a conclusion of your opinion. But I want to describe the *order* of
>> password and salt used by any server I saw using the scheme.
> 
> Why not separate the description of the data from the overall syntax?
> It will be easier to read that way, and much more obvious that the whole
> thing is extensible and a bit informal.
> 
> userPassword has Octet String syntax, so in principle the value is
> <scheme name in curly brackets> <arbitrary data>
> 
> A separate section of the doc could then describe (or refer to) the formats
> of all the commonly-used storage schemes. I was about to call them 'hash
> schemes' but that is wrong, as some servers support reversible encryption
> schemes as well as hashes.
> 
> 
> On a slight tangent, a rough guide to the current strength of various hash
> schemes can be found on hashcat's front page:
> 
>       http://hashcat.net/oclhashcat-plus/
> 
> The table at the bottom gives the brute-force attack rate in crypts/sec
> using a single PC with a good (mid-range gaming) graphics engine.
> Numbers range from about 4k c/s for bcrypt up to 7500M c/s for NTLM.
> It does not explicitly list figures for SSHA and SMD5 but I suspect the
> 'sha512crypt $6$' figure is indicative at 12k c/s.

The difference per check of SSHA and SHA is one SHAUpdate call; even if this 
call accounts for 100% of the work, SSHA should be no more than twice as 
expensive as SHA.  Likewise for other simple salted hash methods.

-- Kurt

> 
> Andrew
> -- 
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
> _______________________________________________
> Ldapext mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ldapext
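
An added example, not part of the thread or of any draft text: a small Python parser and verifier for userPassword values of the form `{scheme}data`, showing the password-then-salt order and the single extra update call that separates SSHA from SHA. It assumes the layout commonly used by servers, base64(digest(password + salt) + salt); the function names and the sample salt are constructed for illustration.

```python
import base64, hashlib, hmac, re

# scheme name -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {"SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True),
           "MD5": ("md5", 16, False), "SMD5": ("md5", 16, True)}
PREFIX = re.compile(rb"\{([A-Za-z0-9._/-]+)\}(.*)", re.S)

def split_value(value: bytes):
    """Split a userPassword octet string into (scheme, data); scheme None means cleartext."""
    m = PREFIX.fullmatch(value)
    if m is None:
        return None, value
    return m.group(1).decode("ascii").upper(), m.group(2)

def make_value(scheme: str, password: bytes, salt: bytes = b"") -> bytes:
    """Build '{SCHEME}' + base64(digest [+ salt]) under the assumed layout."""
    algo, _, salted = SCHEMES[scheme]
    h = hashlib.new(algo)
    h.update(password)
    if salted:
        h.update(salt)            # the single extra update call a salted scheme costs
    else:
        salt = b""
    return b"{" + scheme.encode("ascii") + b"}" + base64.b64encode(h.digest() + salt)

def verify(value: bytes, password: bytes) -> bool:
    scheme, data = split_value(value)
    if scheme is None:            # no {scheme} prefix: stored in cleartext
        return hmac.compare_digest(data, password)
    if scheme not in SCHEMES:     # e.g. a reversible-encryption scheme: not handled here
        raise ValueError("unsupported storage scheme: " + scheme)
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:            # malformed base64 never matches
        return False
    if (salted and len(raw) <= dlen) or (not salted and len(raw) != dlen):
        return False              # truncated digest or missing/unexpected salt
    digest, salt = raw[:dlen], raw[dlen:]
    h = hashlib.new(algo)
    h.update(password)
    h.update(salt)                # salt is empty for the unsalted schemes
    return hmac.compare_digest(h.digest(), digest)

if __name__ == "__main__":
    stored = make_value("SSHA", b"secret", b"\x01\x02\x03\x04")  # constructed sample
    print(stored.decode(), verify(stored, b"secret"), verify(stored, b"wrong"))
```

A cleartext value that happens to begin with `{word}` is indistinguishable from a prefixed one, which is the ambiguity the prefix syntax carries.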

