Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20121123060333.GA5344@openwall.com>
Date: Fri, 23 Nov 2012 10:03:33 +0400
From: Solar Designer <solar@...nwall.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: ROM or memory port hardness

On Tue, Oct 16, 2012 at 12:15:51AM +0200, Simon Josefsson wrote:
> I like the idea -- essentially the multi-GB data act as a large
> site-wide salt that is derived from a smaller parameter set.  My
> perception of scrypt is that it is well suitable for offline situations
> where you typically have GB's of memory available (e.g., disk encryption
> at boot) but not well optimized for online user authentication.

Yes, and in the context of dedicated authentication servers we also have
gigabytes of memory available - we just need to use it, which regular
scrypt could not do at the desired throughput and maximum latency.

I spoke on this topic at ZeroNights conference in Moscow on Nov 19-20.
Here are the slides:

http://www.openwall.com/presentations/ZeroNights2012-New-In-Password-Hashing/

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.