Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 3 Jun 2012 05:40:05 +0400
From: Solar Designer <>
Subject: Re: "Password security: past, present, future" presentation slides are now online

On Fri, Jun 01, 2012 at 01:02:12PM -0600, Stephen John Smoogen wrote:
> [...] this is
> actually 3 different lectures packed into one. [Far past state,
> present state, future state.]

Yes.  I thought of making them separate (or rather past+present is one
and future is another), but that would not match PHDays schedule, and
even if it would, then some people attending the future would not have
listened to past+present before, and vice versa (I imagine some would
get bored during a 50-minute past+present and miss the interesting
future stuff as a result).

A video is now available at:

Scroll down to "Day two. Broadcast of the main event", then choose
"13:59 Alexander (Solar designer) Peslyak, Password security: past,
present, future".  I haven't checked it out myself yet, though, since
they require Flash and won't just let me download the video. ;-(
So I don't know if it's any good. ;-)  I was speaking Russian, and there
was (supposed to be) synchronous translation to English (which I imagine
was really tough for the translator given the topic and the pace!)  Yet
the slides were in English only, as you have seen.  This choice had been
agreed upon as the best with the event organizers, given that over 90%
of the audience was Russian-speaking, but could read technical English.
The online videos are (supposed to be) in both languages (you choose).

> One thing I would have been interested
> in was not as much the cryptographic speed ups as the guessing
> speedups. Using the markov modes, smart guesses and even the way
> incremental tries to find as many via various patterns is the what I
> find intriguing as they are they are the techniques that will be used
> against even super slow authentication methods for good results..

Maybe, but this was mostly off-topic for my talk as it would not help me
talk about future KDFs: we need better KDFs anyway, and the criteria
are the same anyway (the best we can get).  Yes, there's also room for
improvement in password policies, although my gut feeling is that right
now passwdqc is more satisfactory as it is than the best KDFs currently
in use (maybe excluding only scrypt, but it is not in use for password
authentication yet).  In other words, I expect that in a few years from
now we won't be able to substantially improve upon passwdqc (considering
that a password policy needs to be not only effective, but also easy to
explain), but I see substantial room for improvement in KDFs and in the
way they're used by companies with large userbases (the host-unreadable
local parameter idea).

A next generation phpass is especially desirable since frankly the "last
resort fallback" code that I wrote in 2004 for what became the current
phpass and that turned out to be the only thing web apps would actually
accept in 2007 is just not good enough by the modern full set of
criteria, and now that we have a foot in the door (as I said in one of
the slides) there's not only a need, but also a chance to replace it
with a more elaborate alternative (to be designed).  However, as I also
said in my talk, we must resist the temptation and not do it
prematurely.  This needs serious consideration, experiments (not in
released versions of any apps, though!), discussions - so that we arrive
at something that would be both good enough and universally accepted.
This might take a few years.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.