lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Mar 2014 08:39:21 -0400
From: Bill Cox <>
Subject: Re: [PHC] Transforming hash to different cost setting

On Sat, Mar 22, 2014 at 3:41 AM, Sweta Mishra <> wrote:
> Thanks Jeremi, but for the calculation of a password hash another
> requirement is that we need sufficiently large memory and we constantly use
> them throughout the calculation. Now if we try to update the previous stored
> hash then next calculation will only depend on the stored hash value and
> then how will it fulfil the memory requirement criteria for transforming
> hash to different cost setting.
> Thanks & Regards
> Sweta Mishra

I use Christian's solution for this.  It loses up to 2X in terms of
time*memory security, so users would not use this up-front.  However,
an admin might be looking at passwords that are 100X out of date
compute-time wise, so using this is a win in that case.

Basically, Christian's idea was to double memory each time, so a user
might start with 50MiB, and later an admin might make it compute
50MiB, 100MiB, 200MiB, and 400MiB.

Gary has a similar idea, but he wants to store the new rehashing
parameters in a chain with each password.  That would allow the admin
to take that 50MiB hash and turn it into a 2-step hash of 50 MiB and
400MiB.  It's more efficient, but adds complexity.


Powered by blists - more mailing lists