Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!wuarchive!cs.utexas.edu!tut.cis.ohio-state.edu!usenet.ins.cwru.edu!mephisto!ncsuvx!news
From: agb@cscosl.ncsu.edu (Alan Bishop)
Newsgroups: comp.unix.questions
Subject: Query on speed of crypt(3)
Keywords: crypt security password
Message-ID: <1989Dec14.195944.16931@ncsuvx.ncsu.edu>
Date: 14 Dec 89 19:59:44 GMT
Reply-To: agb@cscosl.ncsu.edu (Alan Bishop)
Organization: NCSU (Student)
Lines: 30

Howdy.

I'm interested in finding some figures for the speed of crypt(3).  My
goal is to get some numbers on how long it would take to encrypt a list
of likely passwords (such as the words in /usr/dict/words) and how long
it would take intruders run every userid on a system through crypt(3)
with the appropriate salt.

First, what kind of speed can I expect to find with the distributed
form of crypt(3) on machines that most universities would have or have
access to?

For example, on a lightly loaded uVAX II, running 10 words through crypt
takes around 12 seconds.  This comes out to around 8 hours to run
/usr/dict/words (~25000 words) through it with a given salt.

Second, are there 'improved' versions of crypt(3) floating around?  If
so, what kind of speed improvements do they show?  How widely
distributed are they?  (Should we assume that anyone trying to break
into our systems has a faster version, or just a small percentage of
them?)

Third, what kind of speed can you get with a hardware implementation of
crypt(3)?  Who has done this and how difficult is it?

Lastly, can you mail me a list of any references you have about the
speed of crypt(3) or crypt look-alikes?

Thanks.
alan