Open Source and information security mailing list archives
Date: Sun, 17 Feb 2013 21:00:54 -0500
From: Matthew Green <>
Subject: Re: [PHC] Asymmetry [Was: Any "large verifiers" on the panel?]

> From a practical perspective, I'm highly skeptical that most users would actually store such a secret differently/out of reach of an attacker. If you've compromised the server, you almost certainly have access to any secrets. Online attacks are problematic, but offline attacks are far worse. If a scheme can't offer a decent amount of protection for the digests of low-entropy passwords when they (and any secrets) are compromised, then it is not very good, IMHO. That's not to say that having the ability to leverage an HSM (if available) to make it even harder wouldn't be a great feature, of course. I just think that will be rare.

I think that HSMs are going to become increasingly common in this area. I also think we're going to see an increasing number of clever tricks to keep secrets out of the hands of a hacked server. We already have things like SRP (not that I'm recommending it). I expect to also see simple end-to-end encryption of passwords, from browser to an HSM or equivalent system. But databases will continue to be the weak link.

You can't do this stuff today because HSMs aren't up to it, and because most browsers don't let you do the kind of crypto you want to do at login time. I think 5-10 years from now things will have changed a bit.
But I've been wrong before.

