Message-Id: <BA5F08A1-3F23-43CB-A0BE-5FC398CBAA1B@gmail.com>
Date: Sun, 17 Feb 2013 21:00:54 -0500
From: Matthew Green <matthewdgreen@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Asymmetry [Was: Any "large verifiers" on the panel?]
> From a practical perspective, I'm highly skeptical that most users would actually store such a secret differently/out of reach of an attacker. If you've compromised the server, you almost certainly have access to any secrets. Online attacks are problematic, but offline attacks are far worse. If a scheme can't offer a decent amount of protection for the digests of low-entropy passwords when they (and any secrets) are compromised, then it is not very good, IMHO. That's not to say that having the ability to leverage an HSM (if available) to make it even harder wouldn't be a great feature, of course. I just think that will be rare.
I think that HSMs are going to become increasingly common in this area. I also think we're going to see an increasing number of clever tricks to keep secrets out of the hands of a hacked server. We already have things like SRP (not that I'm recommending it). I expect to also see simple end-to-end encryption of passwords, from browser to an HSM or equivalent system. But databases will continue to be the weak link.
You can't do this stuff today because HSMs aren't up to it, and because most browsers don't let you do the kind of crypto you want to do at login time. I think 5-10 years from now things will have changed a bit.
But I've been wrong before.
Matt