Message-ID: <CAOLP8p53yOn8U18qziBr3nUkJv=CJhFNY=1S26_aQddfK7e6kg@mail.gmail.com>
Date: Sun, 19 Jan 2014 13:03:22 -0500
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Native server relief support for password hashing in browsers
On Sun, Jan 19, 2014 at 12:21 PM, Krisztián Pintér <pinterkr@...il.com> wrote:
> by the same token, considering cold boot attacks or DMA attacks, with
> memory hard pbkdf-s, we are moving into the exact opposite direction
> than the trend. in all other areas, we try to put crypto in the CPU.
> with memory intensive functions, we hugely exacerbate the problem
> instead.
>
> it is getting to be my pet peeve, but i think we badly need some
> randomized blinding.
This is one reason I like Blakerypt's session key idea. Simply
hashing it with the password to create an intermediate derived key,
and then clearing the password, minimizes the attack surface against
the password, if I'm using your terminology correctly. Is this the
kind of randomized blinding you're thinking of? If so, I have to say
I agree with you. I don't know of any other way to do it. Is this
standard stuff? Just because it's new to me doesn't mean it's new.
Bill
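The data flow Bill describes above, as an added example that is not code from Blakerypt, from Bill, or from any PHC candidate: a secret session key is hashed with the password to produce an intermediate key, the password buffer is zeroed, and only then does the memory-hard phase run, so the large working set a cold-boot or DMA capture would recover is derived from the intermediate rather than from the raw password. The session key is assumed here to be a caller-held secret that stays outside the memory-hard working set (and is needed again at verification time, like a keyed hash); scrypt and BLAKE2b are stand-ins for whatever memory-hard function and keyed hash a real scheme would use, and the parameters are assumptions. Python cannot control where the interpreter places the session key, so this shows the ordering of operations, not the memory placement.

```python
"""Session-key blinding before a memory-hard password hash (added example).

Order of operations: keyed-hash(session_key, password) -> wipe password ->
memory-hard phase on the intermediate only.  Verification repeats the same
steps, so the session key acts as a secret key that must be available
again later (an assumption about how the session key is used).
"""
import hashlib
import hmac
import os

# Assumed parameters, not from the post: 2^14 * 8 * 128 bytes = 16 MiB of
# scrypt working set, well under hashlib's default maxmem.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def blind_password(password: bytearray, session_key: bytes) -> bytes:
    """Return BLAKE2b_keyed(session_key, password) and zero `password` in place.

    The password must arrive as a bytearray: an immutable `bytes` object
    cannot be overwritten, so there would be nothing to wipe.
    """
    if not isinstance(password, bytearray):
        raise TypeError("password must be a bytearray so it can be wiped")
    h = hashlib.blake2b(key=session_key, digest_size=KEY_LEN)
    h.update(password)                   # buffer protocol: no bytes() copy
    intermediate = h.digest()
    password[:] = bytes(len(password))   # overwrite the caller's buffer with zeros
    return intermediate


def memory_hard_phase(intermediate: bytes, salt: bytes) -> bytes:
    """Memory-hard step; it only ever sees the blinded intermediate key."""
    return hashlib.scrypt(intermediate, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: bytearray, session_key: bytes, salt: bytes) -> bytes:
    """Blind, wipe, then spend memory.  `password` is zeroed on return."""
    intermediate = blind_password(password, session_key)
    return memory_hard_phase(intermediate, salt)


def verify_password(password: bytearray, session_key: bytes, salt: bytes,
                    expected: bytes) -> bool:
    """Constant-time comparison against a stored hash; wipes `password` too."""
    return hmac.compare_digest(hash_password(password, session_key, salt), expected)


if __name__ == "__main__":
    # Constructed demo inputs.  A real deployment would hold session_key
    # somewhere the memory-hard working set is not; Python cannot promise that.
    session_key = os.urandom(32)
    salt = os.urandom(16)
    pw = bytearray(b"correct horse battery staple")
    stored = hash_password(pw, session_key, salt)
    assert pw == bytearray(len(pw))      # wiped before scrypt touched RAM
    assert verify_password(bytearray(b"correct horse battery staple"),
                           session_key, salt, stored)
    assert not verify_password(bytearray(b"wrong"), session_key, salt, stored)
    print("ok")
```

The wipe happens before `memory_hard_phase` starts allocating, which is the whole point: by the time scrypt has filled its working set, the only password-derived material in that region is `intermediate`, and turning it back into the password requires the session key. Whether the session key itself is recoverable from the same capture is the question Bill and Krisztián are raising, and this example does not settle it.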