lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Apr 2014 11:08:29 -0500 (CDT)
From: Steve Thomas <steve@...tu.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Deliberately GPU-friendly password hashes?

> On April 3, 2014 at 8:53 AM Bill Cox <waywardgeek@...il.com> wrote:
>
> > On Thu, Apr 3, 2014 at 9:08 AM, Daniel Franke <dfoxfranke@...il.com> wrote:
> >
> > > Steve Thomas <steve@...tu.com> writes:
> > >
> > > Parallel it's SIMD, GPU, FPGA, and ASIC friendly. It's not memory-hard,
> > > but as a defender you can use whatever hardware the attacker is using.
> > > Well besides maybe ASICs but it depends on how interface to them is. If
> > > it's a simple send password and salt or initial key and get a hash back
> > > then yes, but if it's a here's the salt and hash now let me send you a
> > > bunch of passwords to test and ask if one of the last N passwords match
> > > then it won't work.
> >
> > I don't like the threat model implied by the argument you're
> > making. You're assuming that the defender gets to adapt his algorithm
> > and parameter choices to the attacker's hardware choices. The reality is
> > the other way around.
>
> While I agree Steve's anti-parallelism reaction could use an
> adjustment, I think Steve does have a good point about the API to the
> password hashing engine.

I feel like I'm taking crazy pills... Oh wait "Parallel" is an algorithm
I submitted as the name suggests it's very parallel. Although battcrypt,
my other submission, doesn't have any parallelism I mentioned in the paper
that it would be good to add but didn't because it would add complexity.
Also it wouldn't help in PHP since you are using built-in functions for
encrypting with Blowfish. And if you wrote interlaced Blowfish in PHP it
would be much slower.

Powered by blists - more mailing lists