lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Aug 2014 19:50:17 +0200 (CEST)
From: Stefan.Lucks@...-weimar.de
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] What Microsoft Would like from the PHC - Passwords14
 presentation

On Fri, 22 Aug 2014, Bill Cox wrote:

> OK, then all the hybrid designs are *not* cache timing resistant.  
> However, they all happen to be better at *defending the password* than 
> any of the cache-timing resistant algorithms, even when the attacker has 
> cache-timing data. 

Do they?

The very least the adversary can see from the hybrid designs is if the 
password is the same (same data access pattern) or has been changed 
(completely different data access pattern). This doesn't immediately help 
to find the password, but it can still be useful information ...

Stefan

------  I  love  the  taste  of  Cryptanalysis  in  the morning!  ------
     <http://www.uni-weimar.de/cms/medien/mediensicherheit/home.html>
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--

Powered by blists - more mailing lists