lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 18 Sep 2014 10:35:31 -0400
From: Peregrine <>
Subject: Re: [PHC] omegacrypt and timing

On Thu, Sep 18, 2014 at 10:11 AM, Krisztián Pintér <>

> On Thu, Sep 18, 2014 at 3:50 PM, Peregrine <> wrote:
> > The lack of decline in offline attacks against descrypt, bcrypt, and
> scrypt
> > indicates that it's cheaper/easier to do than to use a timing attack.
> not necessarily. mounting a timing attack is not possible in general,
> you need to be in a very lucky situation. so for a general attacker,
> brute force is the only way. however, there are some cases in which
> such attacks might be feasible. the fact that we have never seen such
> attacks can simply mean nobody was lucky enough to be in that case.
> also note that the spread of scrypt is not very high. most libraries
> and APIs don't even have it. the situation could potentially be very
> different if scrypt would be the default pbkdf in windows and apache.
> to paraphrase an old joke: what is the difference between a
> theoretical and a practical attack? six months.

I'd call "not possible in general" a good reason that it's still easier to
use an offline attack than a timing attack. It's only situations like
improperly secured shared hosting where such things are currently
practical. Sadly, cheap shared hosting is often improperly secured.

Content of type "text/html" skipped

Powered by blists - more mailing lists