lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 10 Dec 2013 19:18:45 +0100
From: CodesInChaos <codesinchaos@...il.com>
To: Poul-Henning Kamp <phk@....freebsd.dk>
Cc: discussions@...sword-hashing.net
Subject: Re: [PHC] IETF draft

That form of pre-computation seems like an extremely exotic threat.

For that to be relevant, and attacker would have to first compromise
the db, then precompute (separately for each user!), and then later on
obtain the key. Only effect of pre-computation is that the attacker
can compute hashes between the compromise of the db and compromise of
the key. I think it's unlikely that this would happen in practice.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ