lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 15 Feb 2013 14:14:17 -0800
From: ravin wind <ravinwinddce@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] FAQ

On 02/15/2013 01:45 PM, Jean-Philippe Aumasson wrote:
> Hi, welcome to our discussions mailing list!
>
> Earlier today we published an FAQ page, with only 1 Q&A so far
> (https://password-hashing.net/faq.html). What other questions would
> you like to see there?
>
>
> Thanks!
>
>
> JP

On 02/15/2013 01:45 PM, Jean-Philippe Aumasson wrote:
> Hi, welcome to our discussions mailing list!
>
> Earlier today we published an FAQ page, with only 1 Q&A so far
> (https://password-hashing.net/faq.html). What other questions would
> you like to see there?
>
>
> Thanks!
>
>
> JP
I assume memory-hard problems are in play. Example: SHA-256 hashing and
filling the whole 4GB memory space with PRN to derive the next address
in memory, add a 128-bit salt, repeat hash again, and so on. Thus
overcoming low-memory requirements of PBKDF2 and forcing the use of the
whole memory. Pipelined FPGA, parallel CPUs or GPUs can't then be used. 
Clustering will not work. A Critical-Path is formed due to mixing with
the password key (hashed 44-64 character Yubikey) at each hashing. 
Whole memory space must always be filled to get the next hash correct.
Memory jumps will seem random. Scrypt comes to mind.

Powered by blists - more mailing lists