| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <532D3FE0.1060606@bindshell.nl> Date: Sat, 22 Mar 2014 00:46:40 -0700 From: Jeremi Gosney <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] Transforming hash to different cost setting These are not hard requirements, they are simply critera that will be evaluated in each candidate. You may choose not to support a particular feature in your design. On 3/22/2014 12:41 AM, Sweta Mishra wrote: > Thanks Jeremi, but for the calculation of a password hash another > requirement is that we need sufficiently large memory and we > constantly use them throughout the calculation. Now if we try to > update the previous stored hash then next calculation will only depend > on the stored hash value and then how will it fulfil the memory > requirement criteria for transforming hash to different cost setting. > > > Thanks & Regards > Sweta Mishra > > > On Sat, Mar 22, 2014 at 12:44 PM, Jeremi Gosney <epixoip@...dshell.nl > <mailto:epixoip@...dshell.nl>> wrote: > > On 3/22/2014 12:09 AM, Sweta Mishra wrote: > > What does the 'Ability to transform an existing hash to a different > > cost setting without knowledge of the password', mean exactly? > > Simply put, it means the ability to take a password hash from the > database and upgrade it to a higher cost setting without knowing the > password. This way administrators can upgrade the security of an > entire > database without hooking the login process to re-hash the password, or > forcing users to change their passwords. > >
Powered by blists - more mailing lists