lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jan 2014 05:36:04 -0600 (CST)
From: Steve Thomas <steve@...tu.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] scripting memory (not so) high

> On January 10, 2014 at 4:21 AM Steve Thomas <steve@...tu.com> wrote:
> 
>  If you use 1/2 the memory it will cost 1.5x for each loop. So for $t_cost = 1
>  it will take 7.5x more computations. Which is comparable to $k = 4.
> 
Oh right I just remembered a better attack that cost 2*ram^(1/2) and takes 2x
operations. So for 1MB it needs 16KB and with $t_cost = 1 it's 10x. Well
maybe I should stop considering the hashing of mem free. Oh well oops it's
2.41x more operations.
Normal: 16384 + 8192 * 5 + 1
Cheating: (16384 - 128) * (5+1) - 128 + 8192 * 5 + 1

So max is 191/64 times (2.98x) more work with 2*ram^(1/2). You should keep
$k relatively low. As $k increases this attack becomes more efficient for yours.
Content of type "text/html" skipped

Powered by blists - more mailing lists