| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <21560.1386698195@critter.freebsd.dk> Date: Tue, 10 Dec 2013 17:56:35 +0000 From: "Poul-Henning Kamp" <phk@....freebsd.dk> To: discussions@...sword-hashing.net, CodesInChaos <codesinchaos@...il.com> Subject: Re: [PHC] IETF draft In message <CAK9dnSyyQuQp2fMVBcG15HK-apHyOYNECWezzU4tJ23VguQhzw@...l.gmail.com> , CodesInChaos writes: >On Tue, Dec 10, 2013 at 6:45 PM, Poul-Henning Kamp <phk@....freebsd.dk> wrote: >> output = slow_hash(site_key + salt + password) > >Personally I prefer output = encrypt(site_key, slow_hash(salt, password)). Since Disadvantage: If they get hold of the site_key, which I consider almost a certainty if they got hold of your stored passwords, you're back where we are today. By mixing the site_key into the hash, you effectively prevent any pre-computation, until after the attack has handed them the site_key. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@...eBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists