Searched hist:327856 (Results 1 - 7 of 7) sorted by relevance
/freebsd-11-stable/tests/sys/geom/class/eli/ | ||
H A D | gentestvect.py | 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
H A D | hmac_test.c | 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
H A D | testvect.h | 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
H A D | Makefile | diff 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
/freebsd-11-stable/sys/geom/eli/ | ||
H A D | pkcs5v2.c | diff 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
H A D | g_eli_hmac.c | diff 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
H A D | g_eli.h | diff 327856 Fri Jan 12 00:39:56 MST 2018 asomers MFC r313962, r313972-r313973, r315230 r313962 by allanjude: improve PBKDF2 performance The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will takes approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time. With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will talk half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command. Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold. PR: 202365 Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/ Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version) Reviewed by: ed, pjd, delphij Approved by: secteam, pjd (maintainer) Differential Revision: https://reviews.freebsd.org/D8236 r313972 by ngie: Unbreak the build when "make obj" is executed beforehand Using relative paths imply working directory (in this case .OBJDIR), whereas the sources live in the .CURDIR-relative path. X-MFC with: r313962 Pointyhat to: allanjude Sponsored by: Dell EMC Isilon r313973 by ngie: A forced commit to note other portion of the Makefile change accidentally committed in r313972 The code committed in r313962 implicitly relies on python 2.x to generate testvect.h . There are a handful of issues with this approach: - python is not an explicit build dependency for FreeBSD - python 2.x is deprecated and will be removed sometime in the future (potentially before 11.x's EOL), and the script does not function with python 3.5 (it uses deprecated idioms and incompatible function calls). - python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and gentestvect.py is a dependency of testvect.h (prior to r313972) which means that if the mtime of the generator script was newer than the mtime of the test vector, it could cause a spurious build failure in build time or at install time. A better solution using C/C++ should be devised. Discussed with: allanjude X-MFC with: r313962, r313972 Sponsored by: Dell EMC Isilon r315230 by ngie: Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also, renames the test from pbkdf2 to pbkdf2_test . The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit. X-MFC with: r313962, r313972-r313973 Reviewed by: allanjude Sponsored by: Dell EMC Isilon Differential Revision: D9985 |
Completed in 107 milliseconds