Date: Sun, 11 Aug 2013 22:38:39 +0100
From: Peter Maxwell <peter@...icient.co.uk>
To: discussions@...sword-hashing.net
Subject: Minimal security estimates or guarantees for password hash parameter sets?
Following Dennis Hamilton's thread, "Interdependence of t_cost and m_cost
parameters", I had a thought: is it worthwhile specifying a "security
estimate" or "security guarantee" for various parameter sets in an
algorithm's submission?
We know:
i. from sample password data sets, we now have a large corpus of
statistical information on historical general user password choice, i.e. a
distribution showing density of user passwords by various complexity
measures; and,
ii. a good idea of how much computing power an attacker can bring to bear
for a certain cost, or at least a reasonable estimate thereof.
It should not be overly difficult[*] for algorithm designers to specify for
each of a limited number of parameter sets a security estimate/guarantee of
the form, "using this set of parameters, roughly x% of passwords would be
cracked by an attacker with £y to spend". Yes, I know that the example
statement I've supplied is really a parametric curve, but you get the gist
-- supplying the developer that's going to use the password hash with
something more concrete to go on.
[*] - with some initial assumptions, of course
As long as it is not too onerous a requirement, the designer could
potentially specify a minimal password complexity requirement that the
target systems must implement to firm up the estimate.
Anyway, just a thought.
Peter
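
An added example, not part of the original message: one way to turn the two inputs listed above (a password guessing curve and attacker cost per hash) into an "x% cracked for £y" estimate per parameter set, including the effect of a minimum-complexity policy. The curve, the parameter-set names, the guesses-per-pound figures and the even split of budget across salted accounts are all constructed assumptions.

```python
import bisect
import math

# Constructed guessing curve: (guesses per account, fraction of accounts
# cracked by then). Illustrative numbers, not measurements from a real corpus.
GUESS_CURVE = [(1, 0.0), (10**3, 0.10), (10**6, 0.35), (10**9, 0.60), (10**12, 0.85)]

# Hypothetical parameter sets: hash evaluations an attacker gets per pound.
# Assumed values; a designer would derive these from hardware and energy cost.
GUESSES_PER_POUND = {"low": 10**9, "medium": 10**7, "high": 10**5}


def cdf(guesses):
    """Fraction cracked after `guesses` tries, interpolated in log10(guesses)."""
    if guesses < 1:
        return 0.0
    xs = [math.log10(g) for g, _ in GUESS_CURVE]
    ys = [f for _, f in GUESS_CURVE]
    x = math.log10(guesses)
    if x >= xs[-1]:
        return ys[-1]  # no extrapolation past the last known point
    i = bisect.bisect_right(xs, x) - 1
    t = (x - xs[i]) / (xs[i + 1] - xs[i])
    return ys[i] + t * (ys[i + 1] - ys[i])


def fraction_cracked(param_set, budget_pounds, accounts, min_rank=0):
    """Estimate x for 'x% cracked by an attacker with £y to spend'.

    Assumes salted hashes, so the budget is split evenly across accounts.
    min_rank models a complexity policy that rejects the min_rank most common
    passwords; the attacker is assumed to know the policy and skip them.
    """
    per_account = GUESSES_PER_POUND[param_set] * budget_pounds / accounts
    excluded = cdf(min_rank)
    return (cdf(min_rank + per_account) - excluded) / (1.0 - excluded)


if __name__ == "__main__":
    for name in GUESSES_PER_POUND:
        plain = fraction_cracked(name, 1000, 10**6)
        policy = fraction_cracked(name, 1000, 10**6, min_rank=10**3)
        print(f"{name:6s} no policy: {plain:.1%}  with policy: {policy:.1%}")
```

Sweeping `budget_pounds` for a fixed parameter set traces out the parametric curve the message refers to.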
