lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Sep 2014 20:59:05 -0700
From: Alex Elsayed <eternaleye@...il.com>
To: discussions@...sword-hashing.net
Subject: Missed opportunity re: unpredictable addressing?

On the bus home today, I realized something - I've seen a number of 
discussions regarding the relative merits of password-dependent access (foil 
deeply-pipelined/prefetching attackers) vs. no-secret-data-dependent-access 
(foil timing attacks), and I think they may both be satisfiable.

In particular, a salt is defined as 1.) public and 2.) random. I suspect 
that salt-dependent, password-independent addressing might well prove a 
useful trick.

It causes the access pattern of the scrambler to be unique per entry in the 
password DB, without leaking anything about secret data.

I'm working on a PoC now (which may turn out to be a _real_ PoC, I'm no 
cryptographer :P) but I wanted to get the idea out there.

The idea is that by executing a compute-hard function over the salt-derived 
lookup data at each step, we can further bound attackers. In fact, my PoC 
basically treats the salt the same as the password, except that it's also 
used to decide what to access (and as a seed for the memory-filling stage).

Powered by blists - more mailing lists