lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 17 Sep 2014 12:03:08 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] omegacrypt and timing

On Wed, Sep 17, 2014 at 11:53 AM, Dmitry Khovratovich
<khovratovich@...il.com> wrote:
> The running time will be different, but the question is how you are going to
> exploit it without full hashing.

it is not the only question. we are focusing too much on a single
attack: someone having the hashed value, and trying to brute force the
password. however, we also have the possibility that the attacked does
not have the hash, but can listen in on side channels. if the hash
function is side channel protected, attacker learns zero information.
if there is a timing option, he can infer the password, through brute
forcing, solely on timing information. the attack went from impossible
to unfeasible.

before you say, okay, but it is still unfeasible, here is some
addition: what if i have some information about the password (i hacked
another site, and i know the password choosing habits of said
individual), and i can guess the password in 1 million tries. i can't
attempt to log in a million times, but i can monitor timing, and then
brute force a 1M search space within a reasonable timeframe. this
attack is not possible with timing resistant algorithms.

Powered by blists - more mailing lists