| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140226092852.GA6296@openwall.com> Date: Wed, 26 Feb 2014 13:28:52 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Should we care about "parameter influence" attacks against PBKDF2? On Wed, Feb 26, 2014 at 01:14:13PM +0400, Solar Designer wrote: > If we do support hash upgrades to higher m_cost and/or t_cost, we're > susceptible to a variation of this attack, almost by definition. Given > a pre-upgrade and a post-upgrade hash, the attacker only needs to > perform the upgrade for each candidate password to test that candidate. > The attacker does not need to compute either hash fully. Scratch that. Obviously, this can't be true, precisely because no (candidate) password is input to the upgrade procedure, by definition. Alexander
Powered by blists - more mailing lists