lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Feb 2013 07:45:08 +0000
From: Marsh Ray <>
To: Jeffrey Goldberg <>,
	"" <>
Subject: RE: [PHC] Any "large verifiers" on the panel?

> -----Original Message-----
> From: Jeffrey Goldberg []
> Sent: Saturday, February 16, 2013 10:00 AM
> To:
> Subject: [PHC] Any "large verifiers" on the panel?
> I'm not familiar with everyone on the panel, but I think it would be useful to
> have someone with an understanding of having to deal with a large number
> of legitimate authentication sessions.

I'm with PhoneFactor, we're a two-factor authentication company recently acquired by Microsoft.

While I'm not at liberty to disclose the exact number of password authentications we process, I can say that it really comes down to deciding how much CPU load you're willing to put on the system. Many systems, you specify a password only once to login, and everything after that is done with cookies. So even a very high work factor setting may not represent a noticeable hit on overall server load.

In my case, as a developer, I basically used my knowledge of our workload and said "Hmm I think I could get away with burning NNN milliseconds on each password validation", so I set the CPU work factor there (pretty high). Our operations staff has yet to notice or complain, but it will ultimately result in us needing more servers as we work frantically to scale up to "Microsoft scale".

Another anecdote comes from Moxie Marlinspike when he was at Twitter. We were discussing memory-hard password hashing functions, and his response was to the effect of "yeah we would definitely not be able to handle near as many simultaneous auths as we do now if the shared memory bus of the multicore server were constantly saturated."

- Marsh

Powered by blists - more mailing lists