lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Apr 2014 10:54:29 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Catfish and public key hash On Wed, Apr 02, 2014 at 08:36:01PM -0300, mjunior@...c.usp.br wrote: > I would say that if the attacker needs more than 2x the amount of memory used by the defender to get less than a 2x speed-up, then the attacker is wasting resources: he/she could simply use two cores to get the same throughput... Unless the attacker model considers a limitation in number of cores, which does not seem to be the most common case. It may well be the most common case (or at least a very common case): attackers with CPUs. While we focus on defeating GPUs/FPGAs/ASICs, let's not forget about CPUs, which are used for password cracking a lot, simply because they're readily available everywhere anyway (even when not most optimal for this specific task). So a 2x speedup for attacker vs. defender on a typical CPU+RAM system is a major drawback. In this case, I think the speedup is possible for defenders as well, but only if they're willing to trade memory for it, which may be a usability drawback (of this hashing scheme), then. Alexander
Powered by blists - more mailing lists