[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140226092852.GA6296@openwall.com>
Date: Wed, 26 Feb 2014 13:28:52 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Should we care about "parameter influence" attacks against PBKDF2?
On Wed, Feb 26, 2014 at 01:14:13PM +0400, Solar Designer wrote:
> If we do support hash upgrades to higher m_cost and/or t_cost, we're
> susceptible to a variation of this attack, almost by definition. Given
> a pre-upgrade and a post-upgrade hash, the attacker only needs to
> perform the upgrade for each candidate password to test that candidate.
> The attacker does not need to compute either hash fully.
Scratch that. Obviously, this can't be true, precisely because no
(candidate) password is input to the upgrade procedure, by definition.
Alexander
Powered by blists - more mailing lists