[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130219012722.GA22849@openwall.com>
Date: Tue, 19 Feb 2013 05:27:22 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Any "large verifiers" on the panel?
On Sat, Feb 16, 2013 at 09:59:39AM -0600, Jeffrey Goldberg wrote:
> I'm not familiar with everyone on the panel, but I think it would be useful to have someone with an understanding of having to deal with a large number of legitimate authentication sessions. Someone who, say, manages Gmail logins (IMAP, web, etc) may have insight into what sorts of cost parameters they would like to have.
>
> Basically, it would be really sucky to settle upon a winner and then have sites and services say, "we won't use that because we can't manage our verification costs the way we need to."
I am not exactly "with" a company of this sort, but I do have such
insight. Specifically, the required performance numbers used in my
ZeroNights presentation are not arbitrary. For some companies, a
throughput of more than ~1000/s per authentication server is required,
and latencies of more than ~10 ms are costly in terms of request queue
size growth on other servers.
http://www.openwall.com/presentations/ZeroNights2012-New-In-Password-Hashing/
Alexander
Powered by blists - more mailing lists