Date: Tue, 21 Apr 2015 19:01:29 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2 modulo division

Bill Cox (at Tuesday, April 21, 2015, 5:48:31 PM):

>> Generally, small integer division algorithms that are not
>> constant-time...

> I do not consider this to be a limitation of Argon2d, though Lyra2
> (and TwoCats) does protect against related attacks with its
> password independent first loop. However, there are some tin-foil
> hat attacks

this is unfortunately not the first time i hear such unscientific
arguments on the list. it would be a good time to stop that.

side channel attacks not only bypass the computational hardness. it is
false that in case of a successful attack, the hashing scheme reverts
back to a single hash, or a half-hash if there are two phases. side
channels are much more sinister. it is possible to steal the password
in situations when it was not at all possible without them.

the scenario is really simple. consider a system that is well
protected against eavesdropping, and the attackers have not managed to
steal the password hash either. but the system is vulnerable to some
sort of power/timing analysis. an attacker can gain absolutely zero
knowledge if the hashing scheme is resistant against that type of
attack. but they might learn enough information to recover the
password, if the scheme is vulnerable to the attack.

whether such attacks are actually feasible is very hard to tell in
advance, but given the vast number of possible attack vectors, and the
recent upsurge in successful side channel attacks, calling it
improbable is totally bad science. the best you can say is we don't
know, but we also didn't think very hard, honestly. if something is
possible, it is only a matter of time before it becomes feasible.