lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2015 08:45:37 -0700
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC: survey and benchmarks

Hopefully they will take some feedback for corrections.  They mistakenly
call Yescrypt non-RAM hard and lump it with Makwa.  They did not test it
with significant men size either...
On Mar 23, 2015 7:08 AM, "Jean-Philippe Aumasson" <
jeanphilippe.aumasson@...il.com> wrote:

> This just appeared: http://eprint.iacr.org/2015/265
>
> Abstract:
> Password hashing is the common approach for maintaining users'
> password-related information that is later used for authentication. A
> hash for each password is calculated and maintained at the service
> provider end. When a user logins the service, the hash of the given
> password is computed and contrasted with the stored hash. If the two
> hashes match, the authentication is successful. However, in many cases
> the passwords are just hashed by a cryptographic hash function or even
> stored in clear. These poor password protection practises have lead to
> efficient attacks that expose the users' passwords. PBKDF2 is the only
> standardized construction for password hashing. Other widely used
> primitives are bcrypt and scrypt. The low variety of methods derive
> the international cryptographic community to conduct the Password
> Hashing Competition (PHC). The competition aims to identify new
> password hashing schemes suitable for widespread adoption. It started
> in 2013 with 22 active submissions. Nine finalists are announced
> during 2014. In 2015, a small portfolio of schemes will be proposed.
> This paper provides the first survey and benchmark analysis of the 22
> proposals. All proposals are evaluated on the same platform over a
> common benchmark suite. We measure the execution time, code size and
> memory consumption of PBKDF2, bcrypt, scrypt, and the 22 PHC schemes.
> The first round results are summarized along with a benchmark analysis
> that is focused on the nine finalists and contributes to the final
> selection of the winners.
>

Content of type "text/html" skipped

Powered by blists - more mailing lists