lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Apr 2014 09:08:53 -0400
From: Daniel Franke <>
Subject: Re: [PHC] Deliberately GPU-friendly password hashes?

Steve Thomas <> writes:

> Parallel it's SIMD, GPU, FPGA, and ASIC friendly. It's not memory-hard,
> but as a defender you can use whatever hardware the attacker is using.
> Well besides maybe ASICs but it depends on how interface to them is. If
> it's a simple send password and salt or initial key and get a hash back
> then yes, but if it's a here's the salt and hash now let me send you a
> bunch of passwords to test and ask if one of the last N passwords match
> then it won't work.

I don't like the threat model implied by the argument you're
making. You're assuming that the defender gets to adapt his algorithm
and parameter choices to the attacker's hardware choices. The reality is
the other way around.

Powered by blists - more mailing lists