lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jan 2014 01:29:49 -0800
From: Jeremi Gosney <>
Subject: Re: [PHC] Question about saturating the memory bandwidth

On 1/18/2014 12:40 AM, Peter Maxwell wrote:
> Saturating the memory bandwidth will not be practical - or even nearly
> so - for the majority of use-cases.
> we'll be lucky to convince folk to use anything more than a
> salted-hash let alone something that will hog all their processor
> cores and memory for each login attempt (whether that attempt is valid
> or not).

Agree completely. We can be memory hard without saturating the memory
bus. bcrypt is a good (but imperfect) example of how we can be memory
hard while using very little RAM.

Powered by blists - more mailing lists