lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 18 Sep 2014 10:35:31 -0400
From: Peregrine <peregrinebf@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] omegacrypt and timing

On Thu, Sep 18, 2014 at 10:11 AM, Krisztián Pintér <pinterkr@...il.com>
wrote:

> On Thu, Sep 18, 2014 at 3:50 PM, Peregrine <peregrinebf@...il.com> wrote:
> > The lack of decline in offline attacks against descrypt, bcrypt, and
> scrypt
> > indicates that it's cheaper/easier to do than to use a timing attack.
>
> not necessarily. mounting a timing attack is not possible in general,
> you need to be in a very lucky situation. so for a general attacker,
> brute force is the only way. however, there are some cases in which
> such attacks might be feasible. the fact that we have never seen such
> attacks can simply mean nobody was lucky enough to be in that case.
> also note that the spread of scrypt is not very high. most libraries
> and APIs don't even have it. the situation could potentially be very
> different if scrypt would be the default pbkdf in windows and apache.
>
> to paraphrase an old joke: what is the difference between a
> theoretical and a practical attack? six months.
>

I'd call "not possible in general" a good reason that it's still easier to
use an offline attack than a timing attack. It's only situations like
improperly secured shared hosting where such things are currently
practical. Sadly, cheap shared hosting is often improperly secured.

Content of type "text/html" skipped

Powered by blists - more mailing lists