From: Rich Felker Date: Wed, 29 Aug 2012 16:44:27 +0000 (-0400) Subject: limit sha512 rounds to similar runtime to sha256 limit X-Git-Tag: v0.9.5~65 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=507b6091fa75903ff05c21a4470b7b7cc3061d0d;p=oweals%2Fmusl.git limit sha512 rounds to similar runtime to sha256 limit these limits could definitely use review, but for now, i feel consistency and erring on the side of preventing servers from getting bogged down by excessively-slow user-provided settings (think .htpasswd) are the best policy. blowfish should be updated to match. --- diff --git a/src/misc/crypt_sha512.c b/src/misc/crypt_sha512.c index 7ca804e8..2c0de698 100644 --- a/src/misc/crypt_sha512.c +++ b/src/misc/crypt_sha512.c @@ -193,7 +193,7 @@ static char *to64(char *s, unsigned int u, int n) #define SALT_MAX 16 #define ROUNDS_DEFAULT 5000 #define ROUNDS_MIN 1000 -#define ROUNDS_MAX 50000 +#define ROUNDS_MAX 20000 /* hash n bytes of the repeated md message digest */ static void hashmd(struct sha512 *s, unsigned int n, const void *md)