lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 19 Feb 2013 10:22:10 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Any "large verifiers" on the panel?

[Apparently my posts to the list have been getting lost, this is an attempt to
 re-post from an alternate system.  Apologies if you've seen some of these
 before]

Jeffrey Goldberg <Jeffrey@...dmark.org> writes:

>Basically, it would be really sucky to settle upon a winner and then have
>sites and services say, "we won't use that because we can't manage our
>verification costs the way we need to."

Oh, we don't need a "large verifier" to tell us that.  If we have a symmetric
winner then any site with any significant number of users will say "we won't
use that because we can't manage our verification costs the way we need to".
This is why I asked for an asymmetric option for the CFP, alongside the O( n )
everywhere for smaller sites we also need an O( 1 ) on the server, O( n ) on
the client for larger users, so some sort of trapdoor-function iterated-
hashing mechanism perhaps.

Peter.

Powered by blists - more mailing lists