
Re: Bootup and login performance



Eero Tamminen dixit:

>(I started a new thread from "Kullervo")

That’s fine, I was reminded a bit of a.s.r threads on Usenet already…

>At least my /etc/pam.d/common-password doesn't have the rounds
>keyword mentioned here:
>	http://forums.debian.net/viewtopic.php?f=30&t=60679&start=30
>
>so I assume it does the hashing only once?

Of course not! It’s a security thing. I just looked it up:
http://www.akkadia.org/drepper/SHA-crypt.txt says the default
is 5'000 with a minimum of 1'000 and a maximum of 999'999'999.

>> I’ve got no idea how to change the default algorithm back to
>> md5crypt, that’s a debian user question.
>
>http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.11

Ah, thanks ;-) We do not use PAM on Real BSDs™, so my ignorance
should be excused.

>After changing "sha512" in /etc/pam.d/common-password to "md5",
>login is nearly instant.   Thanks!

Good to know.

>The difference is really huge, somebody should really look into
>that at some point...  Does any of the kernel profiling functionality
>work on m68k port? 

The *intent* of this function is to be slow, so that people
trying to crack into an account are delayed sufficiently,
even on multi-GHz machines. It is *specifically* designed
to be slow.

Anyway, removing “obscure” (to allow me to change my password
at all) and changing “sha512” to “md5” in /etc/pam.d/common-password
made things fast, thanks. I also, in the meantime, discovered where
the defaults come from: /usr/share/pam-configs/unix in libpam-runtime
which unfortunately is arch:all. I’ll be asking the maintainer (vorlon)
whether it’s possible to have different defaults for slow architectures
but, given it’s still somewhat usable, I guess we should just make a
note to change this file into the install documentation.

bye,
//mirabilos
-- 
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :)  -- Ted Unangst über *fs
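
An added example, not part of the original message: a small Python audit helper that reports which round count a SHA-crypt hash string or a pam_unix password line results in, using the default (5000) and the limits (1000 to 999999999) from the SHA-crypt.txt document cited above. The sample configuration and hash strings are constructed, and the helper assumes that a rounds= option given to pam_unix is clamped to those same limits.

```python
import re

# Default and limits as quoted above from SHA-crypt.txt.
ROUNDS_DEFAULT, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
SHA_IDS = {"5": "sha256", "6": "sha512"}
ALGO_KEYWORDS = ("md5", "sha256", "sha512")


def effective_rounds(requested):
    """Round count actually used: the default when absent, else clamped."""
    if requested is None:
        return ROUNDS_DEFAULT
    return max(ROUNDS_MIN, min(ROUNDS_MAX, requested))


def rounds_from_hash(hash_field):
    """(algorithm, rounds) for a $5$/$6$ hash string, None for anything else."""
    m = re.match(r"\$([56])\$(?:rounds=(\d+)\$)?", hash_field)
    if not m:
        return None
    requested = int(m.group(2)) if m.group(2) else None
    return SHA_IDS[m.group(1)], effective_rounds(requested)


def rounds_from_pam(config_text):
    """(algorithm, rounds) the pam_unix password line selects for new hashes."""
    for line in config_text.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop comments
        module = next((i for i, t in enumerate(tokens)
                       if t.endswith("pam_unix.so")), None)
        if not tokens or tokens[0] != "password" or module is None:
            continue
        options = tokens[module + 1:]
        algo = next((o for o in options if o in ALGO_KEYWORDS), None)
        if algo not in SHA_IDS.values():
            return algo, None  # md5 or unspecified: no rounds parameter applies
        requested = next((int(o[7:]) for o in options
                          if re.fullmatch(r"rounds=\d+", o)), None)
        return algo, effective_rounds(requested)
    return None


# Constructed sample input (not taken from a real system).
SAMPLE_PAM = """\
# /etc/pam.d/common-password (constructed)
password  [success=1 default=ignore]  pam_unix.so obscure sha512
password  requisite                   pam_deny.so
"""

if __name__ == "__main__":
    print(rounds_from_pam(SAMPLE_PAM))
    print(rounds_from_hash("$6$rounds=10$SALT$HASH"))
```
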

