From ae9dea78b3643e5fc63723b40827f59c31518a2c Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Sat, 12 Dec 2020 11:57:20 -0700 Subject: [PATCH] Girocco/HashUtil.pm: increase maximum password rounds Each time a password is converted for storage in the Girocco project password file, a random number of iterations will be chosen (up to a maximum number) and a random password "salt" will be selected. Together they help make it computationally much more expensive to "crack" any of the stored passwords as pre-computing all the possible "rainbow tables" starts to take up an inordinate amount of space with the number of possible "salt" values combined with the number of possible iterations. With the recent order of magnitude speed up of the computation, it's now possible to increase the maximum number of iterations by roughly the same order of magnitude without requiring any more CPU time than was required before the computation speed up. Therefore go ahead and increase the maximum number of possible iterations to make any brute force "crack" attempts just that little bit more expensive to perform. Signed-off-by: Kyle J. McKay --- Girocco/HashUtil.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Girocco/HashUtil.pm b/Girocco/HashUtil.pm index 368b5ab..3ddec69 100644 --- a/Girocco/HashUtil.pm +++ b/Girocco/HashUtil.pm @@ -170,11 +170,11 @@ sub crypt_sha1 { } # A convenience function similar to scrypt but producing a crypt_sha1 result. -# Note that while 32 rounds is rather small, it's enough to allow some variation +# Note that while 256 rounds is rather small, it's enough to allow some variation # in the number of rounds while still not taxing the CPU running Perl hmac_sha1. sub scrypt_sha1 { my $pw = shift || ''; - return crypt_sha1($pw, '', 32); + return crypt_sha1($pw, '', 256); } 1; -- 2.11.4.GIT
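Review bot: In the scrypt_sha1 hunk, the updated comment reads "256 rounds" as though it were a fixed count, while the commit message describes the value as the maximum of a randomly chosen iteration count. Suggest wording the comment as "up to 256 rounds" and stating the lower bound of the random choice, which the visible lines do not show: if the count can land well below the maximum, those entries carry a smaller work factor than the new number implies. The literal 256 now appears twice, once in the comment and once in the call "return crypt_sha1($pw, '', 256);", so a named constant referenced from both places would keep them from drifting on the next increase. The commit message could also say whether entries stored under the old maximum of 32 still verify unchanged after this patch.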