lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <004001d01626$2560bed0$70223c70$@acm.org> Date: Fri, 12 Dec 2014 08:10:27 -0800 From: "Dennis E. Hamilton" <dennis.hamilton@....org> To: <discussions@...sword-hashing.net> Subject: RE: [PHC] How important is salting really? -----Original Message----- From: epixoip [mailto:epixoip@...dshell.nl] Sent: Friday, December 12, 2014 03:13 To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? [ ... ] In other words, an algorithm must not rely on solely upon salting. In other other words, something like sha256(s.p) is insufficient. <orcnote> I am having difficulty understanding the case where H_i = hash(salt_i, pw_i*) is necessary but not sufficient. It would help me to understand the use case better. Assume that everything above but pw_i* is known to the adversary. The "hash" is a cryptographically adequate near-one-way transformation and whatever the work factor and resource costs are, they are not too costly for the defender. Now, for a corpus of (salt_i, H_i) pairs, salt_i Are assured to be unique. Assume salt_i and H_i are of the same order (number of bits) and the salt_i are at least half cryptographically- random bits. What are the search model and initial conditions such that cracking one pair for pw_i* makes cracking a different pair easier to any practical degree? Put differently, what must N, the size of the corpus being attacked, be for the N-th crack to be twice as fast as the first, and how does that work out as an average cost per crack? I think this fits the password-hashing conditions, with regard to the presumption that all but the pw_i* are disclosed (and any other parameters are fixed for the given corpus). </orcnote>
Powered by blists - more mailing lists