[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHE9jN3WEbmwxMNOmvVcaytSCAFvA_j3mb+4x-H21RfZ0cdPhQ@mail.gmail.com>
Date: Tue, 25 Mar 2014 14:47:50 +0100
From: Alexandre Anzala-Yamajako <anzalaya@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Cc: santiago torres <sat417@...dents.poly.edu>
Subject: Re: [PHC] New password hashing entry: PolyPassHash
Am i being dense or does this "meta technique" increases the load on the
attacker only if he doesn t also get the shares ?
On Tuesday, March 25, 2014, Justin Cappos <jcappos@....edu> wrote:
> The TLDR version of the scheme is as follows:
>
> Today password databases store: "username:salt: securehash(salt,
> password)" An attacker can crack passwords individually by guessing the
> password and computing the salted secure hash.
>
>
> PolyPassHash stores: "username:salt:sharenumber: (share(sharenumber) XOR
> securehash(salt, password))" So a correct password allows the server to
> obtain a share in a Shamir Secret store. The only way to know if the
> share is valid (and the password is correct) is to have a threshold of
> shares. Since a valid server gets many correct login attempts, it can
> trivially do this. The attacker needs to simultaneously guess many
> accounts which increases the needed time exponentially.
>
> Thanks,
> Justin
>
>
>
>
> On Mon, Mar 24, 2014 at 5:34 PM, Justin Cappos <jcappos@....edu<javascript:_e(%7B%7D,'cvml','jcappos@....edu');>
> > wrote:
>
>> I would like to solicit the community's feedback about an submission to
>> the PHC called PolyPassHash.
>>
>> This scheme is different than most PHC entries in that it uses a
>> threshold-based storage technique to prevent passwords from being
>> individually cracked. To validate a password, one must recover a share in
>> a Shamir Secret Store, which necessitates knowing a threshold of correct
>> passwords. (There are extensions to allow passwords to be securely
>> validated by a server upon setup and also to support accounts that do not
>> count toward the threshold.)
>>
>> PolyPassHash gives an exponential increase in the search space an
>> attacker needs to explore while only increasing the server's time by a
>> small linear factor. If you take the three passwords that are composed of
>> six random characters each and protect them with PolyPassHash, to search
>> the key space would take every computer on the planet working together
>> longer than the universe is estimated to have existed. PolyPassHash is
>> about as efficient in terms of memory, disk, and CPU time as existing
>> salted secure hash techniques. In fact, PolyPassHash is orthogonal to the
>> secure hashing technique and should integrate with (any?) other submission.
>>
>> More information about the scheme (including both technical documentation
>> and information for a more general audience) is available at:
>> https://github.com/JustinCappos/PolyPassHash
>>
>> There is also a Python implementation available in that repository and a
>> link to the C implementation (by Santiago Torres) which will be submitted
>> to the contest.
>>
>> I welcome any comments or feedback.
>>
>> Thanks,
>> Justin
>>
>
>
--
Alexandre Anzala-Yamajako
Content of type "text/html" skipped
Powered by blists - more mailing lists