Date: Mon, 25 Nov 2013 10:45:03 +0400 From: Solar Designer <solar@...nwall.com> To: crypt-dev@...ts.openwall.com Subject: Re: A couple of thoughts on password hashing Hi, After having already done much work on an scrypt-inspired new password hash, I am re-reading some threads here and on other lists where people posted thoughts on password hashing. I didn't want them to influence my thinking too much initially, but now is the time for a sanity check. ;-) On Sat, Feb 02, 2013 at 05:56:01PM +0100, CodesInChaos wrote: > A couple of quick thoughts on creating new password hashes: Thank you for these! I mostly agree, with the major exception being: > * For Key derivation in disk encryption, state level attackers with custom > hardware are an important consideration > For login hashes we probably care more about less sophisticated attackers > with GPUs and perhaps FPGA. Yes, but: > * Time-memory trade-offs seem to increase flexibility without benefiting > attackers. It's trade-offs involving parallelism that are problematic Time-memory tradeoffs are also problematic for the defender, considering "less sophisticated attackers with GPUs and perhaps FPGA". I include some optional TMTO discouraging measures specifically to better defend against attackers with non-ASICs (or with less than 100% of their hardware being ASICs). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.