| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <5BFFA36F-1084-41E1-A9D9-EE20B9CC689F@taplink.co> Date: Fri, 13 Mar 2015 09:34:28 -0400 From: Jeremy Spilman <jeremy@...link.co> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Password hashing by itself is not enough > On Mar 13, 2015, at 8:43 AM, Justin Cappos <jcappos@....edu> wrote: > > Multiple passwords protect a secret that obscures all of the hashes. This makes it so that groups of passwords must be checked together and all must be correct to learn if any were correct. Or, pull the secret from memory when you steal the hashes? I do think it's a very innovative way to hide a key! How does it compare to, say, a pepper which is only kept in RAM? In either case you need some admin (threshold account) input when the server first boots to ensure all users can immediate start logging in. In either case the secret can be stolen over the network from a compromised server. The volatile pepper would be just 32-64 byte rand, so either you steal it from RAM and you crack passwords as usual, or you don't steal it and you crack zero passwords. The PolyPass secret key has an effective entropy probably close enough to that to achieve the same effect, assuming public users can't stuff the database with their own accounts to be able to reconstruct the secret.
Powered by blists - more mailing lists