Date: Wed, 10 Dec 2014 06:29:43 -0500
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: CPU attackers

On Tue, Dec 9, 2014 at 5:32 PM, Krisztián Pintér <pinterkr@...il.com> wrote:

>
> since we are waiting for the decision details, why not review the
> criteria meanwhile?
>
> > - defense against GPU/FPGA/ASIC attackers
>
> what about CPU attackers? consider a botnet or cloud computing.
>
>
Your entry is the only one other than Yescrypt and EARWORM that I see
supporting ROM, IIRC.  This is potentially an excellent authentication
server defense, though it does not help much when hashing passwords on a
user's PC.

I've been running a node in the Yescrypt based fork of BitCoin.  Whenever
the value of this currency on a crypto-currency exchange passes some
threashold, there is an immediate huge increase in work factor as an
enormous number of nodes come online.  As soon as the value drops below
some threashold, all the worker nodes go away.  Also, now and then I
suddenly can "win" multiple times in a couple hours, as if most of the
other workers were taking a break.  The identities of these worker nodes
are hidden behind pools.  Before the pools started, this instant huge swing
in worker nodes never happened.

My guess is that the currency is being mined by one or two botnets, which
hide behind the pools.

While the MiB may have 1,000,000 times more money to spend on hardware
crackers than an average user, the botnets have a million times more
hardware, and it costs them little to use.  I did not appreciate the
severity of this threat when I started working on my entry.  If I were
doing it over, I would add support for ROM, so at least authentication
servers, and users willing to buy large memory or SSDs for this purpose,
could be secured against botnets.

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists