| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Sep 2014 10:35:31 -0400
From: Peregrine <peregrinebf@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] omegacrypt and timing
On Thu, Sep 18, 2014 at 10:11 AM, Krisztián Pintér <pinterkr@...il.com>
wrote:
> On Thu, Sep 18, 2014 at 3:50 PM, Peregrine <peregrinebf@...il.com> wrote:
> > The lack of decline in offline attacks against descrypt, bcrypt, and
> scrypt
> > indicates that it's cheaper/easier to do than to use a timing attack.
>
> not necessarily. mounting a timing attack is not possible in general,
> you need to be in a very lucky situation. so for a general attacker,
> brute force is the only way. however, there are some cases in which
> such attacks might be feasible. the fact that we have never seen such
> attacks can simply mean nobody was lucky enough to be in that case.
> also note that the spread of scrypt is not very high. most libraries
> and APIs don't even have it. the situation could potentially be very
> different if scrypt would be the default pbkdf in windows and apache.
>
> to paraphrase an old joke: what is the difference between a
> theoretical and a practical attack? six months.
>
I'd call "not possible in general" a good reason that it's still easier to
use an offline attack than a timing attack. It's only situations like
improperly secured shared hosting where such things are currently
practical. Sadly, cheap shared hosting is often improperly secured.
Content of type "text/html" skipped
Powered by blists - more mailing lists