Open Source and information security mailing list archives
Date: Sun, 11 Aug 2013 22:38:39 +0100
From: Peter Maxwell <>
Subject: Minimal security estimates or guarantees for password hash parameter sets?

Following Dennis Hamilton's thread, "Interdependence of t_cost and m_cost
parameters", I had a thought: is it worthwhile specifying a "security
estimate" or "security guarantee" for various parameter sets in an
algorithm's submission?

We know:

i. from sample password data sets, we now have a large corpus of
statistical information on historical general user password choice, i.e. a
distribution showing density of user passwords by various complexity
measures; and,

ii. a good idea of how much computing power an attacker can bring to bear
for a certain cost, or at least a reasonable estimate thereof.

It should not be overly difficult[*] for algorithm designers to specify for
each of a limited number of parameter sets a security estimate/guarantee of
the form, "using this set of parameters, roughly x% of passwords would be
cracked by an attacker with £y to spend".  Yes, I know that the example
statement I've supplied is really a parametric curve, but you get the gist
-- supplying the developer that's going to use the password hash with
something more concrete to go on.

[*] - with some initial assumptions, of course

As long as it is not too onerous a requirement, the designer could
potentially specify a minimal password complexity requirement that the
target systems must implement to firm up the estimate.

Anyway, just a thought.
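An added toy illustration of the parametric curve the mail describes (not from the original post or from any PHC submission): a constructed guess-number distribution stands in for the "sample password data sets", an assumed attacker cost model divides throughput per pound by t_cost times m_cost, and the minimal complexity requirement is modelled as conditioning the distribution on passwords outside the attacker's first N guesses. Every number is a placeholder.

```python
"""Toy "security estimate" curve of the kind the mail proposes. Added example,
not part of the original post; every number below is a constructed placeholder."""
import math
from bisect import bisect_right

# Constructed cumulative guess-number distribution: (guess number N, fraction
# of user passwords that fall within an attacker's first N guesses).
GUESS_CDF = [(1e2, 0.05), (1e4, 0.15), (1e6, 0.30), (1e8, 0.45),
             (1e10, 0.60), (1e12, 0.72), (1e14, 0.80)]
_XS = [0.0] + [math.log10(n) for n, _ in GUESS_CDF]   # log10 of guess numbers
_YS = [0.0] + [f for _, f in GUESS_CDF]               # cumulative fractions

# Assumption: guesses an attacker can buy per pound at t_cost = m_cost = 1;
# throughput is then divided by t_cost * m_cost (a simple area-time cost model).
BASELINE_GUESSES_PER_GBP = 1e12

def fraction_cracked(guesses):
    """Fraction of users cracked within `guesses` attempts (log-linear interpolation)."""
    if guesses < 1:
        return 0.0
    lg = math.log10(guesses)
    if lg >= _XS[-1]:
        return _YS[-1]          # beyond the tabulated data: cap at the last point
    i = bisect_right(_XS, lg)   # _XS[i-1] <= lg < _XS[i]
    t = (lg - _XS[i - 1]) / (_XS[i] - _XS[i - 1])
    return _YS[i - 1] + t * (_YS[i] - _YS[i - 1])

def affordable_guesses(budget_gbp, t_cost, m_cost):
    """Guesses an attacker with `budget_gbp` to spend can make at these parameters."""
    return budget_gbp * BASELINE_GUESSES_PER_GBP / (t_cost * m_cost)

def security_estimate(budget_gbp, t_cost, m_cost, min_rank=0):
    """'Roughly x% of passwords cracked by an attacker with £y to spend'.
    `min_rank` models a minimal complexity policy that rejects every password
    within the attacker's first `min_rank` guesses (conditions the distribution)."""
    guesses = affordable_guesses(budget_gbp, t_cost, m_cost)
    base = fraction_cracked(min_rank)           # mass removed by the policy
    if guesses <= min_rank or base >= 1.0:
        return 0.0
    return (fraction_cracked(guesses) - base) / (1.0 - base)

if __name__ == "__main__":
    # One row per parameter set and budget: the "parametric curve" the mail describes.
    for t_cost, m_cost in ((1, 1), (10, 10), (100, 100)):
        for budget in (1, 100, 10_000):
            frac = security_estimate(budget, t_cost, m_cost, min_rank=1e4)
            print(f"t_cost={t_cost:>3} m_cost={m_cost:>3} £{budget:>6}: ~{frac:.0%} cracked")
```

Replacing GUESS_CDF with a real cumulative guess-number curve from a password corpus and BASELINE_GUESSES_PER_GBP with measured hardware throughput turns the same functions into the estimate the mail asks designers to publish.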
