On Tue, May 14, 2013 at 13:16, Mike Belopuhov wrote:
> I think the minimum number of rounds needs to be documented
> somehow.
>
> I think this magic number needs to be documented.

Here is a simpler version with fewer magic numbers. Nothing uses this yet, of course, I just want to get the facility in and then argue about the installer and login.conf. Index: encrypt.c =================================================================== RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v retrieving revision 1.28 diff -u -p -r1.28 encrypt.c --- encrypt.c 14 Jul 2007 21:26:38 -0000 1.28 +++ encrypt.c 15 May 2013 00:33:02 -0000 @@ -63,6 +63,40 @@ usage(void) exit(1); } +/* + * Time how long 8 rounds takes to measure this system's performance. + * We are aiming for something that takes between 0.25 and 0.5 seconds. + */ +int +ideal_rounds() +{ + clock_t before, after; + int r = 8; + char buf[_PASSWORD_LEN]; + int duration; + + strlcpy(buf, bcrypt_gensalt(r), _PASSWORD_LEN); + before = clock(); + crypt("testpassword", buf); + after = clock(); + + duration = after - before; + + /* too quick? slow it down. */ + while (duration <= CLOCKS_PER_SEC / 4) { + r += 1; + duration *= 2; + } + /* too slow? speed it up. */ + while (duration > CLOCKS_PER_SEC / 2) { + r -= 1; + duration /= 2; + } + + return r; +} + + void print_passwd(char *string, int operation, void *extra) { @@ -160,7 +194,10 @@ main(int argc, char **argv) if (operation != -1) usage(); operation = DO_BLF; - rounds = strtonum(optarg, 1, INT_MAX, &errstr); + if (strcmp(optarg, "a") == 0) + rounds = ideal_rounds(); + else + rounds = strtonum(optarg, 1, INT_MAX, &errstr); if (errstr != NULL) errx(1, "%s: %s", errstr, optarg); extra = &rounds;
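
Review bot: In ideal_rounds(), the "too quick" loop does not terminate when the measured duration is 0, which is what you get whenever the timed crypt() call completes within one clock() tick: `duration *= 2` leaves it at 0, `duration <= CLOCKS_PER_SEC / 4` stays true, and r keeps incrementing until it overflows. Force duration to at least 1 before scaling, or time a larger round count so the measurement is above the clock resolution. The "too slow" loop also has no lower bound on r, so a slow enough machine drives it below any sensible minimum; clamp r to a named, documented floor, which would also address the request above to document the minimum. The return value of crypt() is ignored, and the definition would be better as `static int ideal_rounds(void)`.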
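
Review bot: In the DO_BLF option case in main(), the new "a" branch never assigns errstr, so the unchanged `if (errstr != NULL)` check after it depends on errstr having been set to NULL somewhere outside the lines shown here. Moving that check inside the else branch, next to the strtonum() call it belongs to, removes the dependency. The "a" argument is also undocumented: nothing in this diff touches usage() or the manual page, so the only way to learn that it selects an automatically measured round count is to read the source.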