lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Apr 2014 14:06:26 +0400
From: Solar Designer <>
Subject: Re: [PHC] Best use of ROM in password hashing

On Mon, Apr 21, 2014 at 01:07:34PM +0400, Solar Designer wrote:
> ROM-in-RAM (such as the 112 GiB I was testing with) can be viewed as an
> anti-botnet feature.  It's not that large that it won't be stolen, but
> it can be large enough to buy a few years of botnet resistance.  It's
> practical to keep authentication servers' current ROM-in-RAM (for newly
> set/changed passwords) 16+ times higher than a typical botnet node's RAM
> size - e.g., it can be 128 GiB in server vs. 16 GiB or less in typical
> botnet nodes now.  (I don't know what their actual RAM sizes are now.
> I guess typical is actually below 16 GiB at this time, although newly
> added computers probably do have 16 or 32 GiB of RAM now.)

Oh, obviously 128/16 = 8, not 16, but overall the point holds. ;-)


Powered by blists - more mailing lists