These values have not marched forward with the progress of time.  For 
perspective, the last increase in bcrypt rounds was around the time we 
considered Monica Lewinsky a big scandal.

If processing power really doubles every 2 years, we should 
increase by 6, but that means 5 second root logins even on a fast 
machine.  I know I know, no pain no gain, but let's build up our atrophied 
muscles slowly.  Increasing by 3 also means root goes to 11.

Slow machines will, of course, get slower, but:
        1.  You don't have to upgrade to the new numbers
        2.  You can dial down the pain if necessary
        3.  We can call the added delay "The Gawker Memorial Second"

Index: login.conf.in
===================================================================
RCS file: /home/tedu/cvs/src/etc/login.conf.in,v
retrieving revision 1.2
diff -u -r1.2 login.conf.in
--- login.conf.in       9 Jan 2007 10:20:12 -0000       1.2
+++ login.conf.in       16 Dec 2010 03:21:23 -0000
@@ -46,7 +46,7 @@
        :maxproc-c...@def_maxproc_cur@:\
        :openfiles-c...@def_openfiles_cur@:\
        :stacksize-cur=4M:\
-       :localcipher=blowfish,6:\
+       :localcipher=blowfish,9:\
        :ypcipher=old:\
        :tc=auth-defaults:\
        :tc=auth-ftp-defaults:
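Review bot: the move to `:localcipher=blowfish,9:` in this hunk covers local passwords only; `:ypcipher=old:` on the very next line is left untouched, so this class's YP passwords keep the old cipher. If that split is intentional, say so in the commit message; if not, ypcipher deserves the same look in this pass.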
@@ -62,7 +62,7 @@
        :maxproc=infinity:\
        :openfiles-cur=128:\
        :stacksize-cur=8M:\
-       :localcipher=blowfish,8:\
+       :localcipher=blowfish,11:\
        :tc=default:
 
 #
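Review bot: `:localcipher=blowfish,11:` lands in this hunk with no comment in login.conf.in explaining what the number means or that it can be lowered. The message relies on administrators of slow machines being able to "dial down the pain", and by its own arithmetic each step of 1 is a doubling of work, so 8 to 11 is eight times slower. A one-line comment above the entry stating that would make the knob discoverable from the file itself.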
