| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <11045.1386757210@critter.freebsd.dk> Date: Wed, 11 Dec 2013 10:20:10 +0000 From: "Poul-Henning Kamp" <phk@....freebsd.dk> To: CodesInChaos <codesinchaos@...il.com> cc: discussions@...sword-hashing.net Subject: Re: [PHC] IETF draft In message <CAK9dnSw3OJJVQw3AF+SYZuAuULrOc_sJkCLWk0e0LYdzOTwU8g@...l.gmail.com> , CodesInChaos writes: >> My 1994 proposal: >> >> DB(salt, hash(site_key + salt + password)) >> >> Frustrates that attack, even if the site_key is also stolen, because >> there will not be any salt collisions -- as the site_key is >> effectively a part of the salt. >Why bother frustrating an already irrelevant attack? And just why do you think I mentioned this idea in 1994, and then did nothing with it ever since ? :-) >If you use the key as input to the slow hash, you can't store it on a >low power device, Neither can you if you need it to validate a password. A password scrambler should not rely on secrecy, since that is almost impossible to maintain if you want to be able to validate passwords. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@...eBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists