lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Mar 2014 21:58:06 +0000
From: Peter Maxwell <>
To: "" <>
Subject: Re: [PHC] "Why I Don't Recommend Scrypt"

On 13 March 2014 16:53, Bill Cox <> wrote:

> I think the NSA would prefer that we continue using Bcrypt and not
> switch to Scrypt.  Let's assume they have liquid nitrogen cooled ASICs
> with 1024 Bcrypt hashing cores running say 2X faster than the fastest
> CPU on each core.  If I understand correctly, Bcrypt only requires
> 4KiB of memory, so integrating 1024 of them is not unreasonable.  Per
> board, let's guess they have 64 chips, and maybe 1024 boards, for a
> factor of 134 million-to-1 compute power vs a high-end PC.
> Bcrypt is safe against all those GPU crackers who don't have the money
> to build what the NSA can, so bcrypt does a good job protecting the
> public, while allowing government sized organizations the ability to
> crack passwords far more effectively.  I think that's the NSA's
> prefered sweet spot for the public.

​Sorry for resurrecting an earlier incarnation of this thread but wanted to
pose the question: are we actually worried about people using ASICs for
password cracking?​

Have ASICs been used for password cracking to date?

​If the NSA, GCHQ, et al. are targeting someone, do they not already have
numerous measures to compromise hosts other than password cracking?

Content of type "text/html" skipped

Powered by blists - more mailing lists