| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Mar 2014 22:20:12 -0700 From: "Jeremy Spilman" <jeremy@...link.co> To: discussions@...sword-hashing.net Subject: Re: [PHC] Transforming hash to different cost setting On Sat, 22 Mar 2014 22:06:57 -0700, Jeremy Spilman <jeremy@...link.co> wrote: > If you start at 5/5 (meaning a single round at cost '5') and increase > all hashes offline to be 5/7 (consecutive rounds at 5, 6, 7) then you > want to find the single round (8/8?) which matches the latency of 5/7 as > closely as possible. '5/7' could also mean consecutive rounds just at costs 5 and 7. There's no point in running more than one additional round for a single offline upgrade, since it's guaranteed to be less efficient than just picking just one additional round/cost setting to add. That is, unless you actually have stacked multiple offline upgrades onto the same hash while the user still hasn't ever successfully logged in, in which case you would be forced to keep stacking. But now we're storing 'cost[]' with each hash. As Krisztian pointed out, at some point you could just clear out JUST the password to force a reset if they ever do show back up. But then, to avoid the same attack, you need to actually hide this fact from the user. Luckily, they haven't logged into your system in so long, they can't possible remember their old password, so they'll inevitably just blame themselves for forgetting it when they click 'Reset'. That is, unless they're using a password manager, in which case they'll probably assume your site was hacked. Forget "too many secrets" more like "too many trade-offs"!
Powered by blists - more mailing lists