lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Apr 2014 10:54:29 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Catfish and public key hash

On Wed, Apr 02, 2014 at 08:36:01PM -0300, mjunior@...c.usp.br wrote:
> I would say that if the attacker needs more than 2x the amount of memory used by the defender to get less than a 2x speed-up, then the attacker is wasting resources: he/she could simply use two cores to get the same throughput... Unless the attacker model considers a limitation in number of cores, which does not seem to be the most common case.

It may well be the most common case (or at least a very common case):
attackers with CPUs.

While we focus on defeating GPUs/FPGAs/ASICs, let's not forget about CPUs,
which are used for password cracking a lot, simply because they're
readily available everywhere anyway (even when not most optimal for this
specific task).

So a 2x speedup for attacker vs. defender on a typical CPU+RAM system
is a major drawback.  In this case, I think the speedup is possible for
defenders as well, but only if they're willing to trade memory for it,
which may be a usability drawback (of this hashing scheme), then.

Alexander

Powered by blists - more mailing lists