lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Dec 2014 16:03:22 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] CPU attackers

On Wed, Dec 10, 2014 at 06:29:43AM -0500, Bill Cox wrote:
> On Tue, Dec 9, 2014 at 5:32 PM, Kriszti??n Pint??r <pinterkr@...il.com> wrote:
> > > - defense against GPU/FPGA/ASIC attackers
> >
> > what about CPU attackers? consider a botnet or cloud computing.
> 
> Your entry is the only one other than Yescrypt and EARWORM that I see
> supporting ROM, IIRC.  This is potentially an excellent authentication
> server defense, though it does not help much when hashing passwords on a
> user's PC.

My understanding is that Gambit's ROM is totally different from
EARWORM's and yescrypt's.  Gambit's ROM is limited to be roughly same
size as another candidate's RAM usage for the same running time, and
it's accessed sequentially (since Gambit focuses on cache-timing
resistance), so it does not provide the same kind of defense that
EARWORM and yescrypt do.  It's more like a way to add a medium-sized
local parameter than a way to introduce much ROM-port-hardness.

I'm not saying it's "bad".  It's a reasonable thing to have in there.
It's just a different thing.

> I've been running a node in the Yescrypt based fork of BitCoin.  Whenever
> the value of this currency on a crypto-currency exchange passes some
> threashold, there is an immediate huge increase in work factor as an
> enormous number of nodes come online.  As soon as the value drops below
> some threashold, all the worker nodes go away.  Also, now and then I
> suddenly can "win" multiple times in a couple hours, as if most of the
> other workers were taking a break.  The identities of these worker nodes
> are hidden behind pools.  Before the pools started, this instant huge swing
> in worker nodes never happened.
> 
> My guess is that the currency is being mined by one or two botnets, which
> hide behind the pools.

I think you'd likely see this sort of behavior of alt-coin miners with
no botnets involved.  You're just guessing about the botnets.  These
could as well be Amazon EC2 nodes or idle servers that someone admins.

That said, surely there is some cryptocoin mining on compromised systems.

Alexander

Powered by blists - more mailing lists