Message-ID: <CA+hr98HheC6C4exY_t5kVbHUKw-_MbWXScPdDviWk+qX6KXxdw@mail.gmail.com>
Date: Wed, 17 Sep 2014 12:03:08 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] omegacrypt and timing
On Wed, Sep 17, 2014 at 11:53 AM, Dmitry Khovratovich
<khovratovich@...il.com> wrote:
> The running time will be different, but the question is how you are going to
> exploit it without full hashing.

it is not the only question. we are focusing too much on a single
attack: someone having the hashed value, and trying to brute force the
password. however, we also have the possibility that the attacker does
not have the hash, but can listen in on side channels. if the hash
function is side channel protected, the attacker learns zero information.
if there is a timing option, he can infer the password, through brute
forcing, solely on timing information. the attack went from impossible
to unfeasible.

before you say, okay, but it is still unfeasible, here is some
addition: what if i have some information about the password (i hacked
another site, and i know the password choosing habits of said
individual), and i can guess the password in 1 million tries. i can't
attempt to log in a million times, but i can monitor timing, and then
brute force a 1M search space within a reasonable timeframe. this
attack is not possible with timing resistant algorithms.
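The argument above (observed timing partitions the candidate space even when the attacker never sees the hash) can be made concrete with a small model. The following is an added example, not code from this thread and not OmegaCrypt's actual algorithm: it defines a toy iterated hash with a secret-dependent branch, the same function rewritten with a branch-free select, and a counter of "ops" standing in for wall-clock time. `survivors` then answers the question in the post: given only the timing of the real login, how many of a constructed list of 1000 guesses can no longer be ruled out? With the branching variant the set shrinks; with the constant-time variant it stays at 1000, i.e. zero information leaked.

```python
import hashlib

# Constructed toy cost model (assumption: not OmegaCrypt, not from the PHC
# thread). Each round mixes the state; the data-dependent variant also spends
# one extra mix on rounds where a secret-derived bit is set. "ops" is the
# observable the attacker sees in place of wall-clock time.
ROUNDS = 16


def _mix(state: bytes, i: int) -> bytes:
    return hashlib.sha256(state + i.to_bytes(2, "big")).digest()


def hash_data_dependent(password: bytes, salt: bytes):
    """Returns (digest, ops). Work per round depends on secret-derived state,
    so the op count is a timing side channel on the password."""
    state = _mix(salt + password, 0)
    ops = 0
    for i in range(1, ROUNDS + 1):
        ops += 1
        if state[0] & 1:            # branch on secret-dependent data
            state = _mix(state, i)  # extra work only on this path
            ops += 1
        state = _mix(state, i + ROUNDS)
    return state, ops


def hash_constant_time(password: bytes, salt: bytes):
    """Same digest as hash_data_dependent, but both paths are always computed
    and the result is chosen by a mask, so ops is identical for every input."""
    state = _mix(salt + password, 0)
    ops = 0
    for i in range(1, ROUNDS + 1):
        ops += 2                    # always pay for both paths
        alt = _mix(state, i)
        bit = state[0] & 1
        mask = (-bit) & 0xFF        # 0xFF if bit set, else 0x00
        # branch-free select: bit ? alt : state
        state = bytes((a & mask) | (s & (mask ^ 0xFF)) for a, s in zip(alt, state))
        state = _mix(state, i + ROUNDS)
    return state, ops


def survivors(observed_ops, candidates, salt, hash_fn):
    """Guesses an attacker who saw only the timing of the real login
    (never the hash) cannot yet exclude."""
    return [c for c in candidates if hash_fn(c, salt)[1] == observed_ops]


def timing_classes(candidates, salt, hash_fn):
    """Number of distinguishable timing classes over the candidate set
    (1 means the timing carries no information)."""
    return len({hash_fn(c, salt)[1] for c in candidates})


def demo(hash_fn, n=1000, salt=b"constructed-salt"):
    """Constructed guess list of n passwords; returns how many remain
    after one timing observation of the 'real' password."""
    candidates = [f"pw{i}".encode() for i in range(n)]
    real = candidates[n // 2]
    _, observed = hash_fn(real, salt)
    return len(survivors(observed, candidates, salt, hash_fn))


if __name__ == "__main__":
    print("data-dependent: survivors of 1000 =", demo(hash_data_dependent))
    print("constant-time : survivors of 1000 =", demo(hash_constant_time))
```

The branch-free version costs twice the mixing of the shortest data-dependent path, which is the trade the post is pointing at: a design that saves work by branching on secret data pays for it by letting a passive observer shrink a 1M guess space without ever touching the login endpoint.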