lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <005701cf696e$954e7620$bfeb6260$@acm.org>
Date: Tue, 6 May 2014 14:03:06 -0700
From: "Dennis E. Hamilton" <dennis.hamilton@....org>
To: <discussions@...sword-hashing.net>
Subject: RE: [PHC] Hashing password while typing
Overlapping hashing and keystroke entries also doesn’t work well when a password is copy and pasted into the entry from a password safe via a clipboard.
This seems to have a limited use case when keystrokes are being entered to a local application (or a terminal session) and processed individually as received. That’s not exactly the common case, especially in GUI settings and use of form fields.
- Dennis
From: Bill Cox [mailto:waywardgeek@...il.com]
Sent: Tuesday, May 6, 2014 07:55
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Hashing password while typing
On Tue, May 6, 2014 at 10:43 AM, Thomas Pornin <pornin@...et.org <mailto:pornin@...et.org> > wrote:
Thus, I don't exactly understand what you are trying to say here.
--Thomas Pornin
Well, I did call it a "dumb" idea :-) I get inflicted with them a lot. I agree... it doesn't seem like there's much to be gained with such an approach. I was hoping someone might see a way to get around the precomputed prefix problem. I haven't found one.
Bill
Content of type "text/html" skipped
Powered by blists - more mailing lists