Message-ID: <CA+hr98Exit9VudgndGKFFNVy35Hyfk=mTBGGJ8MHna4sbE5mpA@mail.gmail.com>
Date: Thu, 18 Sep 2014 16:11:06 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] omegacrypt and timing

On Thu, Sep 18, 2014 at 3:50 PM, Peregrine <peregrinebf@...il.com> wrote:
> The lack of decline in offline attacks against descrypt, bcrypt, and scrypt
> indicates that it's cheaper/easier to do than to use a timing attack.

not necessarily. mounting a timing attack is not possible in general,
you need to be in a very lucky situation. so for a general attacker,
brute force is the only way. however, there are some cases in which
such attacks might be feasible. the fact that we have never seen such
attacks can simply mean nobody was lucky enough to be in that case.

also note that the spread of scrypt is not very high. most libraries
and APIs don't even have it. the situation could potentially be very
different if scrypt were the default pbkdf in windows and apache.

to paraphrase an old joke: what is the difference between a
theoretical and a practical attack? six months.