| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Mar 2014 21:58:06 +0000
From: Peter Maxwell <peter@...icient.co.uk>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] "Why I Don't Recommend Scrypt"
On 13 March 2014 16:53, Bill Cox <waywardgeek@...il.com> wrote:
>
> I think the NSA would prefer that we continue using Bcrypt and not
> switch to Scrypt. Let's assume they have liquid nitrogen cooled ASICs
> with 1024 Bcrypt hashing cores running say 2X faster than the fastest
> CPU on each core. If I understand correctly, Bcrypt only requires
> 4KiB of memory, so integrating 1024 of them is not unreasonable. Per
> board, let's guess they have 64 chips, and maybe 1024 boards, for a
> factor of 134 million-to-1 compute power vs a high-end PC.
>
> Bcrypt is safe against all those GPU crackers who don't have the money
> to build what the NSA can, so bcrypt does a good job protecting the
> public, while allowing government sized organizations the ability to
> crack passwords far more effectively. I think that's the NSA's
> prefered sweet spot for the public.
>
Sorry for resurrecting an earlier incarnation of this thread but wanted to
pose the question: are we actually worried about people using ASICs for
password cracking?
Have ASICs been used for password cracking to date?
If the NSA, GCHQ, et al. are targeting someone, do they not already have
numerous measures to compromise hosts other than password cracking?
Content of type "text/html" skipped
Powered by blists - more mailing lists