lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Feb 2014 13:28:52 +0400
From: Solar Designer <>
Subject: Re: [PHC] Should we care about "parameter influence" attacks against PBKDF2?

On Wed, Feb 26, 2014 at 01:14:13PM +0400, Solar Designer wrote:
> If we do support hash upgrades to higher m_cost and/or t_cost, we're
> susceptible to a variation of this attack, almost by definition.  Given
> a pre-upgrade and a post-upgrade hash, the attacker only needs to
> perform the upgrade for each candidate password to test that candidate.
> The attacker does not need to compute either hash fully.

Scratch that.  Obviously, this can't be true, precisely because no
(candidate) password is input to the upgrade procedure, by definition.


Powered by blists - more mailing lists