Date: Mon, 10 Dec 2012 07:47:10 +0100 From: Lukas Odzioba <lukas.odzioba@...il.com> To: john-users@...ts.openwall.com Subject: Re: Password hashing at scale (for Internet companies with millions of users) - YaC 2012 slides http://www.jupiterbroadcasting.com/27761/tales-from-the-bcrypt-techsnap-85/ Here guys are talking about Alexander's "Password gashing at scale" talk at Yac2012 Starts at 1:07:45 Video is available in different formats. Happy watching, Lukas 2012/10/5 Solar Designer <solar@...nwall.com>: > Hi, > > The slides for my YaC 2012 talk "Password hashing at scale" are now online: > > http://www.openwall.com/presentations/YaC2012-Password-Hashing-At-Scale/ > > In this talk, I have focused on approaches to and challenges with > setting up better password hashing for Internet companies with millions > of users. Some of the topics covered are possible use of HSMs (and > YubiHSM as a specific example), how much password stretching can be > afforded, different password hash types (including what's wrong with > PBKDF2, bcrypt, scrypt, possible revisions of scrypt), trade-offs with > using memory-hard KDFs in general, possible defensive use of GPUs, > Xeon Phi coprocessor, FPGAs. > > SHA-3 is deliberately not mentioned on the slides yet. I briefly > thought of retroactively adding a few mentions of it (YaC 2012 was a day > too early), but decided not to. SHA-3 should be similar to DES (read: > very good) in context of possible defensive use of FPGAs. As to > PBKDF2-HMAC-SHA-3, things are less clear, although it's probably weaker > than PBKDF2-HMAC-SHA-512 (is it also weaker than -SHA-256? than -SHA-1? > not sure). (In this context, "weaker" means it allows for even more > efficient attack-optimized implementations than the other hash type, > resulting in higher passwords tested per second rate for the same > processing cost of defensive use.) I prefer to keep only fairly > reliable information on the slides, and not speculate on important > issues there (but I do speculate here, as you can see). Those of you > who follow @solardiz on Twitter probably already know a bit more on my > expectations and reasoning for throughput-optimized parallelized > implementations of SHA-3, due to the too-many-tweet conversation I had > with @marshray. ;-) > > Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.