On Wed, Dec 4, 2013 at 12:42:08PM -0500, Bruce Momjian wrote: > On Tue, May 7, 2013 at 03:47:43PM -0700, Miles Elam wrote: > > Personally I've found the relative times instructive, merely outdated. > > Perhaps > > using md5 as a baseline and evaluating estimates relative to that baseline? > > > > md5 = 1 > > sha1 = 4 > > crypt-des = 7 > > crypt-md5 = 1,000 > > crypt-bf/5 = 12,500 > > crypt-bf/6 = 25,000 > > crypt-bf/7 = 50,000 > > crypt-bf/8 = 100,000 > > > > This way, with the caveat that performance will vary from machine to > > machine, > > there is a sense of the relative costs of using each algorithm, which does > > not > > change as wildly with time. It lets people know how bad md5 and sha1 are > > for > > protecting passwords et al. It also demonstrates that each turn of > > blowfish in > > this module effectively doubles the time needed to crack and halves the > > number > > of hashes one can perform. > > > > In short, I'd hate for the baby to be thrown out with the bathwater. > > I have used your new testing times, plus added these relative > measurements, which shoud give us the best of both worlds. Patch > attached; you can see the results here:
Patch applied. Thanks. I updated the patch to say Intel i3.. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
