Re: [DOCS] pgcrypto docs

Wed, 04 Dec 2013 09:42:56 -0800 

On Tue, May  7, 2013 at 03:47:43PM -0700, Miles Elam wrote:
> Personally I've found the relative times instructive, merely outdated.  
> Perhaps
> using md5 as a baseline and evaluating estimates relative to that baseline?
> 
> md5 = 1
> sha1 = 4
> crypt-des = 7
> crypt-md5 = 1,000
> crypt-bf/5 = 12,500
> crypt-bf/6 = 25,000
> crypt-bf/7 = 50,000
> crypt-bf/8 = 100,000
> 
> This way, with the caveat that performance will vary from machine to machine,
> there is a sense of the relative costs of using each algorithm, which does not
> change as wildly with time.  It lets people know how bad md5 and sha1 are for
> protecting passwords et al.  It also demonstrates that each turn of blowfish 
> in
> this module effectively doubles the time needed to crack and halves the number
> of hashes one can perform.
> 
> In short, I'd hate for the baby to be thrown out with the bathwater.

I have used your new testing times, plus added these relative
measurements, which shoud give us the best of both worlds.  Patch
attached; you can see the results here:

        http://momjian.us/tmp/pgsql/pgcrypto.html

What speed was the I5 CPU you used?

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +

diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml
new file mode 100644
index 57d3401..0d04f7e
*** a/doc/src/sgml/pgcrypto.sgml
--- b/doc/src/sgml/pgcrypto.sgml
*************** gen_salt(type text [, iter_count integer
*** 312,367 ****
         <entry>Hashes/sec</entry>
         <entry>For <literal>[a-z]</></entry>
         <entry>For <literal>[A-Za-z0-9]</></entry>
        </row>
       </thead>
       <tbody>
        <row>
         <entry><literal>crypt-bf/8</></entry>
!        <entry>28</entry>
!        <entry>246 years</entry>
!        <entry>251322 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/7</></entry>
!        <entry>57</entry>
!        <entry>121 years</entry>
!        <entry>123457 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/6</></entry>
!        <entry>112</entry>
!        <entry>62 years</entry>
!        <entry>62831 years</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/5</></entry>
!        <entry>211</entry>
!        <entry>33 years</entry>
!        <entry>33351 years</entry>
        </row>
        <row>
         <entry><literal>crypt-md5</></entry>
!        <entry>2681</entry>
!        <entry>2.6 years</entry>
!        <entry>2625 years</entry>
        </row>
        <row>
         <entry><literal>crypt-des</></entry>
!        <entry>362837</entry>
!        <entry>7 days</entry>
!        <entry>19 years</entry>
        </row>
        <row>
         <entry><literal>sha1</></entry>
!        <entry>590223</entry>
!        <entry>4 days</entry>
!        <entry>12 years</entry>
        </row>
        <row>
         <entry><literal>md5 hash</></entry>
!        <entry>2345086</entry>
!        <entry>1 day</entry>
!        <entry>3 years</entry>
        </row>
       </tbody>
      </tgroup>
--- 312,376 ----
         <entry>Hashes/sec</entry>
         <entry>For <literal>[a-z]</></entry>
         <entry>For <literal>[A-Za-z0-9]</></entry>
+        <entry>Duration relative to <literal>md5 hash</></entry>
        </row>
       </thead>
       <tbody>
        <row>
         <entry><literal>crypt-bf/8</></entry>
!        <entry>1792</entry>
!        <entry>4 years</entry>
!        <entry>3927 years</entry>
!        <entry>100k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/7</></entry>
!        <entry>3648</entry>
!        <entry>2 years</entry>
!        <entry>1929 years</entry>
!        <entry>50k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/6</></entry>
!        <entry>7168</entry>
!        <entry>1 year</entry>
!        <entry>982 years</entry>
!        <entry>25k</entry>
        </row>
        <row>
         <entry><literal>crypt-bf/5</></entry>
!        <entry>13504</entry>
!        <entry>188 days</entry>
!        <entry>521 years</entry>
!        <entry>12.5k</entry>
        </row>
        <row>
         <entry><literal>crypt-md5</></entry>
!        <entry>171584</entry>
!        <entry>15 days</entry>
!        <entry>41 years</entry>
!        <entry>1k</entry>
        </row>
        <row>
         <entry><literal>crypt-des</></entry>
!        <entry>23221568</entry>
!        <entry>157.5 minutes</entry>
!        <entry>108 days</entry>
!        <entry>7</entry>
        </row>
        <row>
         <entry><literal>sha1</></entry>
!        <entry>37774272</entry>
!        <entry>90 minutes</entry>
!        <entry>68 days</entry>
!        <entry>4</entry>
        </row>
        <row>
         <entry><literal>md5 hash</></entry>
!        <entry>150085504</entry>
!        <entry>22.5 minutes</entry>
!        <entry>17 days</entry>
!        <entry>1</entry>
        </row>
       </tbody>
      </tgroup>
*************** gen_salt(type text [, iter_count integer
*** 374,380 ****
     <itemizedlist>
      <listitem>
       <para>
!      The machine used is a 1.5GHz Pentium 4.
       </para>
      </listitem>
      <listitem>
--- 383,389 ----
     <itemizedlist>
      <listitem>
       <para>
!      The machine used is an Intel Core i5.
       </para>
      </listitem>
      <listitem>

-- 
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

Reply via email to