On 2020/05/22 16:04, Theo de Raadt wrote:
> Stuart Henderson <s...@spacehopper.org> wrote:
>
> > On 2020/05/22 17:06, Daniel Jakots wrote:
> > > Hi,
> > >
> > > We used to have different numbers of blowfish rounds between the
> > > default and daemon classes in login.conf. On Jun 26, 2016, tedu
> > > committed "upgrade selected login.conf to use auto rounds for bcrypt"
> > > for amd64, sparc64, i386, and maccpc [1].
> > >
> > > Since the class daemon inherits from the default class, the
> > > :localcipher=blowfish,a:\
> > > is a duplicate.
> > >
> > > Here's a diff to remove them.
> >
> > I'm OK with unifying these settings, but FWIW I never switched to auto
> > for these, it doesn't seem all that sensible for somebody with the ability
> > to generate enough load on the machine to be able to reduce the strength
> > of bcrypt down to the 64 (2^6) rounds minimum.
>
> Yes, that is problematic.
>
> The minimum should be probably be raised, we should consider if auto
> should even exist anymore.
>
As long as it doesn't allow weakening things I think auto should still
exist so that machines can have a stronger bcrypt where it's cheap.
When this was introduced, login.conf for amd64/i386/macppc/sparc64
changed from 8 (normal users) and 9 (daemon class i.e. root) to auto.
Since other, mainly slower, arches stayed with hardcoded 8/9 I don't
think the current minimum reachable in the code makes sense at all.
I've gone to a few machines and done:
- 50 runs of "encrypt -b a" to see what setting was chosen by auto
for i in `jot 50`; do echo foo | encrypt -b a; sleep .1; done | cut -d'$' -f3 |
sort | uniq -c
- 50 runs of "encrypt -b 9" or "encrypt -b 10" and averaged, to see
how long those two settings take
time for i in `jot 50`; do echo foo | encrypt -b 10; done
(divided by 50)
Chosen -b 9 -b 10
Cortex-A53 1.4GHz (pi3) all 8 0.22 0.40
GX-412TC 1GHz (APU2) all 8 0.16 0.31
Cortex-A72 1.5GHz (pi4) all 9 0.07 0.14
L5520 2.27GHz all 9 0.08 0.16
E3-1225v3 3.2GHz 12x8 3x9 35x10 0.05 0.10
E3-1240v5 3.5GHz all 10 0.04 0.08
E3-1270v6 3.8GHz all 11 0.03 0.05
I think bumping the minimum to 2^9 would be reasonable, there's a more
noticeable delay on some machines but I think that's fair enough (any
cracking is likely to be done on a fast machine, and the user can force
it lower themselves if they want to take the risk).
With a higher minimum than that the delay starts to get very noticeable
in some cases, so I'm not sure we're ready for that yet.
I think it also makes sense to use blowfish,a in login.conf on all
arches, replacing the old 8/9. Actually -b a is already used in the
installer for both root and the standard user on all archs, whatever
they have in login.conf. Resulting in the situation that on some
archs, the bcrypt created during install for root's password is
weaker than it would be if reset after boot.
So maybe this or something like it?
Index: lib/libc/crypt/bcrypt.c
===================================================================
RCS file: /cvs/src/lib/libc/crypt/bcrypt.c,v
retrieving revision 1.57
diff -u -p -r1.57 bcrypt.c
--- lib/libc/crypt/bcrypt.c 26 Aug 2016 08:25:02 -0000 1.57
+++ lib/libc/crypt/bcrypt.c 23 May 2020 20:16:46 -0000
@@ -237,14 +237,15 @@ bcrypt_checkpass(const char *pass, const
DEF_WEAK(bcrypt_checkpass);
/*
- * Measure this system's performance by measuring the time for 8 rounds.
- * We are aiming for something that takes around 0.1s, but not too much over.
+ * Measure this system's performance by measuring the time for 2^9 rounds.
+ * We are aiming for something that takes around 0.1s, not too much over,
+ * but without allowing it to be too weak.
*/
int
_bcrypt_autorounds(void)
{
struct timespec before, after;
- int r = 8;
+ int r = 9;
char buf[_PASSWORD_LEN];
int duration;
@@ -257,12 +258,12 @@ _bcrypt_autorounds(void)
duration += (after.tv_nsec - before.tv_nsec) / 1000;
/* too quick? slow it down. */
- while (r < 16 && duration <= 60000) {
+ while (r < 16 && duration <= 75000) {
r += 1;
duration *= 2;
}
/* too slow? speed it up. */
- while (r > 6 && duration > 120000) {
+ while (r > 10 && duration > 120000) {
r -= 1;
duration /= 2;
}
Index: etc/etc.alpha/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.alpha/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.alpha/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.alpha/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.arm64/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.arm64/login.conf,v
retrieving revision 1.7
diff -u -p -r1.7 login.conf
--- etc/etc.arm64/login.conf 5 Nov 2019 19:03:46 -0000 1.7
+++ etc/etc.arm64/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.armv7/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.armv7/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.armv7/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.armv7/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.hppa/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.hppa/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.hppa/login.conf 5 Nov 2019 19:03:46 -0000 1.10
+++ etc/etc.hppa/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.landisk/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.landisk/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.landisk/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.landisk/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.loongson/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.loongson/login.conf,v
retrieving revision 1.13
diff -u -p -r1.13 login.conf
--- etc/etc.loongson/login.conf 12 Mar 2020 15:32:21 -0000 1.13
+++ etc/etc.loongson/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.luna88k/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.luna88k/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.luna88k/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.luna88k/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.octeon/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.octeon/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.octeon/login.conf 5 Nov 2019 19:03:47 -0000 1.10
+++ etc/etc.octeon/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
Index: etc/etc.sgi/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.sgi/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.sgi/login.conf 5 Nov 2019 19:03:47 -0000 1.10
+++ etc/etc.sgi/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -64,7 +64,6 @@ daemon:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,9:\
:tc=default:
#
