Message-ID: <CAOLP8p6YpBkOsjU8gnhJ=rjDcBX35bMOYRe870_vgzjx_UEVnQ@mail.gmail.com>
Date: Sun, 19 Jan 2014 13:39:07 -0500
From: Bill Cox <waywardgeek@...il.com>
To: Krisztián Pintér <pinterkr@...il.com>
Cc: discussions@...sword-hashing.net
Subject: Re: [PHC] Native server relief support for password hashing in browsers
On Sun, Jan 19, 2014 at 1:16 PM, Krisztián Pintér <pinterkr@...il.com> wrote:
>
> Bill Cox (at Sunday, January 19, 2014, 7:03:22 PM):
>>> it is getting to be my pet peeve, but i think we badly need some
>>> randomized blinding.
>
>> This is one reason I like Blakerypt's session key idea.
>
> last time i explained that, you called me a dork and another adjective
> i don't remember now. what happened? you have leveled up since? or
> became a dork yourself?
Yes, I have been a dork. Sorry about that. I have in common with you
a tendency to color what I say with strong feelings, and that gets me
in trouble.
Assuming you can forgive my past crude remarks, I would be
interested if we're actually both concerned about the same issue:
memory leaks as the main threat against memory hard KDFs, and I am
interested in your thoughts on Blakerypt style mitigation techniques,
and if such protection can be extended to client-side hashing.
Bill