Re: Bootup and login performance
Eero Tamminen dixit:
>(I started a new thread from "Kullervo")
That’s fine, I was reminded a bit of a.s.r threads on Usenet already…
>At least my /etc/pam.d/common-password doesn't have the rounds
>keyword mentioned here:
>so I assume it does the hashing only once?
Of course not! It’s a security thing. I just looked it up:
http://www.akkadia.org/drepper/SHA-crypt.txt says the default
is 5'000 with a minimum of 1'000 and a maximum of 999'999'999.
>> I’ve got no idea how to change the default algorithm back to
>> md5crypt, that’s a debian user question.
Ah, thanks ;-) We do not use PAM on Real BSDs™, so my ignorance
should be excused.
>After changing "sha512" in /etc/pam.d/common-password to "md5",
>login is nearly instant. Thanks!
Good to know.
>The difference is really huge, somebody should really look into
>that at some point... Does any of the kernel profiling functionality
>work on m68k port?
The *intent* of this function is to be slow, so that people
trying to crack into an account are delayed sufficiently,
even on multi-GHz machines. It is *specifically* designed
to be slow.
Anyway, removing “obscure” (to allow me to change my password
at all) and changing “sha512” to “md5” in /etc/pam.d/common-password
made things fast, thanks. I also, in the meantime, discovered where
the defaults come from: /usr/share/pam-configs/unix in libpam-runtime
which unfortunately is arch:all. I’ll be asking the maintainer (vorlon)
whether it’s possible to have different defaults for slow architectures
but, given it’s still somewhat usable, I guess we should just make a
note to change this file into the install documentation.
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :) -- Ted Unangst über *fs