| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+aY-u6N+z1myqMFPTyHQKd_x+cmMC4hwSWG1vRpGeJpxCfefA@mail.gmail.com>
Date: Wed, 12 Feb 2014 00:10:55 +0000
From: Peter Maxwell <peter@...icient.co.uk>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Is bandwidth all that counts?
On 11 February 2014 22:47, Bill Cox <waywardgeek@...il.com> wrote:
> Having submitted my NoelKDF with it's multiplication compute-time
> hardening, I am now wondering if the compute time we force an attacker
> to spend matters at all. An attacker will simply add password hashing
> cores, which are close to free, to his FPGA or ASIC, until his memory
> bandwidth is full. If I force him to spend a full second to write and
> then read 4GiB once (which I do), he'll just run 5 of my hashing cores
> in parallel on an FPGA and fill it's 40GiB/sec memory bandwidth, doing
> 5 guesses per second, so who cares that I forced him to spend as long
> as me computing the hash?
>
> Now the reverse is not true - if we spend time on a complex hash
> function instead of filling memory rapidly, an attacker will be more
> efficient, maxing out his memory bandwidth while we don't, and that
> ration is pure win for the attacker.
>
Could you possibly run through that argument again, I think I'm missing
something (it's probably obvious but I can't see it at the moment).
My problem is understanding why memory bandwidth is the critical factor -
is memory bandwidth inherently more expensive than the actual DRAM?
Content of type "text/html" skipped
Powered by blists - more mailing lists