lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 22 Mar 2014 13:11:42 +0530
From: Sweta Mishra <swetam@...td.ac.in>
To: discussions <discussions@...sword-hashing.net>
Subject: Re: [PHC] Transforming hash to different cost setting

Thanks Jeremi, but for the calculation of a password hash another
requirement is that we need sufficiently large memory and we constantly use
them throughout the calculation. Now if we try to update the previous
stored hash then next calculation will only depend on the stored hash value
and then how will it fulfil the memory requirement criteria for
transforming hash to different cost setting.


Thanks & Regards
Sweta Mishra


On Sat, Mar 22, 2014 at 12:44 PM, Jeremi Gosney <epixoip@...dshell.nl>wrote:

> On 3/22/2014 12:09 AM, Sweta Mishra wrote:
> > What does the  'Ability to transform an existing hash to a different
> > cost setting without knowledge of the password', mean exactly?
>
> Simply put, it means the ability to take a password hash from the
> database and upgrade it to a higher cost setting without knowing the
> password. This way administrators can upgrade the security of an entire
> database without hooking the login process to re-hash the password, or
> forcing users to change their passwords.
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ