Open Source and information security mailing list archives
Date: Tue, 11 Feb 2014 14:50:17 -0800
From: Andy Lutomirski <>
To: discussions <>
Subject: Re: [PHC] Is bandwidth all that counts?

On Tue, Feb 11, 2014 at 2:47 PM, Bill Cox <> wrote:
> Having submitted my NoelKDF with its multiplication compute-time
> hardening, I am now wondering if the compute time we force an attacker
> to spend matters at all.  An attacker will simply add password hashing
> cores, which are close to free, to his FPGA or ASIC, until his memory
> bandwidth is full.  If I force him to spend a full second to write and
> then read 4GiB once (which I do), he'll just run 5 of my hashing cores
> in parallel on an FPGA and fill its 40GiB/sec memory bandwidth, doing
> 5 guesses per second, so who cares that I forced him to spend as long
> as me computing the hash?

The attacker will need more memory, right?  Interleaving between
different passwords increases bandwidth, but it proportionately
increases the amount of memory needed, I think.

