Message-ID: <CALCETrXhbZyzLALvBynvymv53WPoiFC5QKFAb4bFiW5ypnPuEA@mail.gmail.com>
Date: Tue, 11 Feb 2014 14:50:17 -0800
From: Andy Lutomirski <luto@...capital.net>
To: discussions <discussions@...sword-hashing.net>
Subject: Re: [PHC] Is bandwidth all that counts?

On Tue, Feb 11, 2014 at 2:47 PM, Bill Cox <waywardgeek@...il.com> wrote:
> Having submitted my NoelKDF with its multiplication compute-time
> hardening, I am now wondering if the compute time we force an attacker
> to spend matters at all. An attacker will simply add password hashing
> cores, which are close to free, to his FPGA or ASIC, until his memory
> bandwidth is full. If I force him to spend a full second to write and
> then read 4GiB once (which I do), he'll just run 5 of my hashing cores
> in parallel on an FPGA and fill its 40GiB/sec memory bandwidth, doing
> 5 guesses per second, so who cares that I forced him to spend as long
> as me computing the hash?

The attacker will need more memory, right? Interleaving between different passwords increases bandwidth, but it proportionately increases the amount of memory needed, I think.

--Andy