Home > mailing lists

Re: pgcrypto docs - Mailing list pgsql-docs

From	Miles Elam
Subject	Re: pgcrypto docs
Date	May 8, 2013 01:47:48
Msg-id	CAPVvHdPkcmpFRwVz=tUWEdc0782nDjR1wSM8v-2Eojpw0+prvA@mail.gmail.com Whole thread Raw
In response to	Re: pgcrypto docs (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: pgcrypto docs
List	pgsql-docs

Tree view

Personally I've found the relative times instructive, merely outdated. Perhaps using md5 as a baseline and evaluating estimates relative to that baseline?

md5 = 1

sha1 = 4

crypt-des = 7

crypt-md5 = 1,000

crypt-bf/5 = 12,500
crypt-bf/6 = 25,000
crypt-bf/7 = 50,000
crypt-bf/8 = 100,000

This way, with the caveat that performance will vary from machine to machine, there is a sense of the relative costs of using each algorithm, which does not change as wildly with time. It lets people know how bad md5 and sha1 are for protecting passwords et al. It also demonstrates that each turn of blowfish in this module effectively doubles the time needed to crack and halves the number of hashes one can perform.

In short, I'd hate for the baby to be thrown out with the bathwater.

Cheers,

Miles Elam

On Tue, May 7, 2013 at 3:05 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Miles Elam <mileselam+postgresql@gmail.com> writes:
> Currently the docs show various stats on hashes per second and time needed
> to find a particular key. Unfortunately since the times are based upon a
> Pentium 4 @1.5GHz, I worry that many would take the advice on that page at
> face value, e.g., "more than 100/sec is too much while less than 4/sec is
> too few," with a P4 in mind.

It seems like this table is guaranteed to be obsolete in a few years
no matter what. Can we get rid of it entirely?

regards, tom lane

pgsql-docs by date:

From: Tom Lane
Date: 08 May 2013, 01:05:48
Subject: Re: pgcrypto docs

From: Erwin Brandstetter
Date: 11 May 2013, 11:07:41
Subject: Reference function arguments by name

Re: pgcrypto docs - Mailing list pgsql-docs

Previous

Next