Re: Recommended way to probe for bcrypt support?

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Solar Designer <solar@openwall.com>
To: musl@lists.openwall.com
Subject: Re: Recommended way to probe for bcrypt support?
Date: Tue, 24 Jun 2014 06:00:36 +0400	[thread overview]
Message-ID: <20140624020035.GA6669@openwall.com> (raw)
In-Reply-To: <20140623235254.GQ179@brightrain.aerifal.cx>

On Mon, Jun 23, 2014 at 07:52:55PM -0400, Rich Felker wrote:
> On Tue, Jun 24, 2014 at 03:17:35AM +0400, Solar Designer wrote:
> > On Mon, Jun 23, 2014 at 06:33:39PM -0400, Rich Felker wrote:
> > > The best way to do this is with runtime detection: simply attempt to
> > > use crypt or crypt_r with a setting string that requests bcrypt and
> > > see if it works.
> > 
> > Sure.  This works for ./configure when we're fine with static
> > compile-time detection.
> 
> Yes; I rather frown upon such compile-time detection though because it
> precludes cross-compiling, and because such _behaviors_ (as opposed to
> interfaces) tend to be things that change between versions. In the
> case of libc supporting bcrypt this is not going to change, but in
> principle it's a bad policy. Especially when presence/absence of a
> feature might depend on kernel, and running on an older kernel than
> the one used while compiling is likely to happen.

Presence/absence of bcrypt support may vary between (patched) glibc
versions and builds, especially since it's not available upstream.

> > Unfortunately, at runtime detecting bcrypt in
> > this way is a bit slow since the minimum cost setting is 4 (meaning 16
> > iterations of the eksBlowfish loop).  For mkpasswd it is acceptable -
> > so do it - but e.g. in phpass I am reluctant to do it that way.
> 
> I'm not clear why it would be necessary to probe for it when not
> actually attempting to use it, except in cases like providing a list
> of supported hashes (e.g. --help or similar). The normal usage case
> for "runtime probe" seems to be "try to use it, and report failure if
> it's not available".

Yes, or fallback to something else.

Alexander

next prev parent reply	other threads:[~2014-06-24  2:00 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-23 21:53 Isaac Dunham
2014-06-23 22:33 ` Rich Felker
2014-06-23 23:17   ` Solar Designer
2014-06-23 23:52     ` Rich Felker
2014-06-24  2:00       ` Solar Designer [this message]
2014-06-24  4:07       ` Isaac Dunham

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140624020035.GA6669@openwall.com \
    --to=solar@openwall.com \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).