Query on speed of crypt(3)
Thomas Truscott
trt at rti.UUCP
Thu Dec 28 05:34:00 AEST 1989
> First, what kind of speed can I expect to find with the distributed
> form of crypt(3) on machines that most universities would have or have
> access to?
The standard crypt(3) encrypts about 2 passwords/MIP.
Of course this depends heavily on the machine architecture and compiler.
I don't know of any vendors that ship a sped-up crypt(3).
> Second, are there 'improved' versions of crypt(3) floating around?
The fast crypt in the Internet Worm floated around for a while!
The fastest crypt(3) I know of was described in Crypto '89
in the paper "A High-Speed Crypt Implementation" by David C Feldmeier.
It can encrypt nearly 1100 passwords/second on a DECstation 3100.
(The standard crypt does about 19 passwords/second.)
Contact dcf at thumper.bellcore.com for more info.
I have a version of crypt(3) derived from Bob Baldwin's "fdes" program
that does about 600 passwords/second on the DECstation 3100.
It is the fastest "practical" version of crypt(3) I know of
(i.e. one can simply "cp crypt.c /usr/src/lib/libc/gen/crypt.c"
to replace the standard version).
I have sent copies of this version to several people
(including the BSD 4.x folks)
but am reluctant to post it to Usenet
because of the "export restrictions" nonsense.
An article by Matt Bishop in the Usenix "Computing Systems" journal
(vol. 1 number 3 1988 I think) described a fast password encryptor
and compared it with others.
> Third, what kind of speed can you get with a hardware implementation of
> crypt(3)? Who has done this and how difficult is it?
crypt(3) uses DES which is slow in software and fast in hardware.
And the hardware is cheap so it can be replicated.
Using hardware to find DES keys by exhaustive search is easily
within the budget of major governments.
So crypt(3) is similarly vulnerable.
I don't know of anyone working on hardware crypt(3) though.
They work on hardware DES instead.
Tom Truscott
More information about the Comp.unix.questions
mailing list