lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Jan 2014 12:03:57 -0500
From: Bill Cox <>
Subject: Re: [PHC] Opinions sought on whether a specific side-channel leakage
 is ok.

I've considered this scheme.  The problem I run into is that very weak
passwords are still guessable, unless I force the user to wait an
obnoxious amount of time.  For example, a password with only 12 bits
of entropy could be guessed using the same machine as the user in just
over an hour, if I limit the runtime to 1 second.  Also, users who do
care about their password strength are typically the users who would
want a full second of password hashing to protect it.  So, I came to
the conclusion that 1-ish seconds is around the right number.

As for the side-channel exposure, it bothers me some.  It could allow
him to attack only the lowest complexity hashes.  If he threw out 9
out of 10 based on complexity, he'd save himself 10X on compute


Powered by blists - more mailing lists