On Tue, May 14, 2013 at 13:16, Mike Belopuhov wrote:
> I think the minimum number of rounds needs to be documented
> somehow.
>
> I think this magic number needs to be documented.
Here is a simpler version with fewer magic numbers.
Nothing uses this yet, of course, I just want to get the facility in
and then argue about the installer and login.conf.
Index: encrypt.c
===================================================================
RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v
retrieving revision 1.28
diff -u -p -r1.28 encrypt.c
--- encrypt.c 14 Jul 2007 21:26:38 -0000 1.28
+++ encrypt.c 15 May 2013 00:33:02 -0000
@@ -63,6 +63,40 @@ usage(void)
exit(1);
}
+/*
+ * Time how long 8 rounds takes to measure this system's performance.
+ * We are aiming for something that takes between 0.25 and 0.5 seconds.
+ */
+int
+ideal_rounds()
+{
+ clock_t before, after;
+ int r = 8;
+ char buf[_PASSWORD_LEN];
+ int duration;
+
+ strlcpy(buf, bcrypt_gensalt(r), _PASSWORD_LEN);
+ before = clock();
+ crypt("testpassword", buf);
+ after = clock();
+
+ duration = after - before;
+
+ /* too quick? slow it down. */
+ while (duration <= CLOCKS_PER_SEC / 4) {
+ r += 1;
+ duration *= 2;
+ }
+ /* too slow? speed it up. */
+ while (duration > CLOCKS_PER_SEC / 2) {
+ r -= 1;
+ duration /= 2;
+ }
+
+ return r;
+}
+
+
void
print_passwd(char *string, int operation, void *extra)
{
@@ -160,7 +194,10 @@ main(int argc, char **argv)
if (operation != -1)
usage();
operation = DO_BLF;
- rounds = strtonum(optarg, 1, INT_MAX, &errstr);
+ if (strcmp(optarg, "a") == 0)
+ rounds = ideal_rounds();
+ else
+ rounds = strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr != NULL)
errx(1, "%s: %s", errstr, optarg);
extra = &rounds;
