lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMtf1HstQnzGWYGfZbPB4QU9C-DG+B2dfahQ6T_3SgCG3nU18g@mail.gmail.com>
Date: Tue, 16 Dec 2014 20:26:40 +0800
From: Ben Harris <ben@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Some KDF stumbling blocks, plus Common "memory-hard"
approaches and amortized attack costs.
On 16 December 2014 at 15:01, Christian Forler <
christian.forler@...-weimar.de> wrote:
> A password that is protected by a 256-bit key should
> withstand even state level attackers (e.g., NSA).
>
Back of the envelope calcs suggests that 128-bit should be more than
sufficient.
https://www.imperialviolet.org/2014/05/25/strengthmatching.html
BTW. At page 24, of our current Catena specification [1] we proposed a
> keyed password hashing approach that thwarts off-line attacks.
>
Page 25 I think?
Nice how it keeps the client-independent update property.
Content of type "text/html" skipped
Powered by blists - more mailing lists