| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Sep 2014 12:03:08 +0200 From: Krisztián Pintér <pinterkr@...il.com> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] omegacrypt and timing On Wed, Sep 17, 2014 at 11:53 AM, Dmitry Khovratovich <khovratovich@...il.com> wrote: > The running time will be different, but the question is how you are going to > exploit it without full hashing. it is not the only question. we are focusing too much on a single attack: someone having the hashed value, and trying to brute force the password. however, we also have the possibility that the attacked does not have the hash, but can listen in on side channels. if the hash function is side channel protected, attacker learns zero information. if there is a timing option, he can infer the password, through brute forcing, solely on timing information. the attack went from impossible to unfeasible. before you say, okay, but it is still unfeasible, here is some addition: what if i have some information about the password (i hacked another site, and i know the password choosing habits of said individual), and i can guess the password in 1 million tries. i can't attempt to log in a million times, but i can monitor timing, and then brute force a 1M search space within a reasonable timeframe. this attack is not possible with timing resistant algorithms.
Powered by blists - more mailing lists