Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Dec 2012 07:47:10 +0100
From: Lukas Odzioba <>
Subject: Re: Password hashing at scale (for Internet companies
 with millions of users) - YaC 2012 slides

Here guys are talking about Alexander's "Password gashing at scale"
talk at Yac2012
Starts at 1:07:45

Video is available in different formats.

Happy watching,

2012/10/5 Solar Designer <>:
> Hi,
> The slides for my YaC 2012 talk "Password hashing at scale" are now online:
> In this talk, I have focused on approaches to and challenges with
> setting up better password hashing for Internet companies with millions
> of users.  Some of the topics covered are possible use of HSMs (and
> YubiHSM as a specific example), how much password stretching can be
> afforded, different password hash types (including what's wrong with
> PBKDF2, bcrypt, scrypt, possible revisions of scrypt), trade-offs with
> using memory-hard KDFs in general, possible defensive use of GPUs,
> Xeon Phi coprocessor, FPGAs.
> SHA-3 is deliberately not mentioned on the slides yet.  I briefly
> thought of retroactively adding a few mentions of it (YaC 2012 was a day
> too early), but decided not to.  SHA-3 should be similar to DES (read:
> very good) in context of possible defensive use of FPGAs.  As to
> PBKDF2-HMAC-SHA-3, things are less clear, although it's probably weaker
> than PBKDF2-HMAC-SHA-512 (is it also weaker than -SHA-256? than -SHA-1?
> not sure).  (In this context, "weaker" means it allows for even more
> efficient attack-optimized implementations than the other hash type,
> resulting in higher passwords tested per second rate for the same
> processing cost of defensive use.)  I prefer to keep only fairly
> reliable information on the slides, and not speculate on important
> issues there (but I do speculate here, as you can see).  Those of you
> who follow @solardiz on Twitter probably already know a bit more on my
> expectations and reasoning for throughput-optimized parallelized
> implementations of SHA-3, due to the too-many-tweet conversation I had
> with @marshray. ;-)
> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.