lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 6 May 2014 14:03:06 -0700
From: "Dennis E. Hamilton" <dennis.hamilton@....org>
To: <discussions@...sword-hashing.net>
Subject: RE: [PHC] Hashing password while typing

Overlapping hashing and keystroke entries also doesn’t work well when a password is copy and pasted into the entry from a password safe via a clipboard.
 
This seems to have a limited use case when keystrokes are being entered to a local application (or a terminal session) and processed individually as received.  That’s not exactly the common case, especially in GUI settings and use of form fields.  
 
-   Dennis
 
From: Bill Cox [mailto:waywardgeek@...il.com] 
Sent: Tuesday, May 6, 2014 07:55
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Hashing password while typing
 
On Tue, May 6, 2014 at 10:43 AM, Thomas Pornin <pornin@...et.org <mailto:pornin@...et.org> > wrote:
Thus, I don't exactly understand what you are trying to say here.


        --Thomas Pornin
 
Well, I did call it a "dumb" idea :-)  I get inflicted with them a lot.  I agree... it doesn't seem like there's much to be gained with such an approach.  I was hoping someone might see a way to get around the precomputed prefix problem.  I haven't found one.
 
Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists