| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOLP8p6GgXc0-PQHJA-UMh_ZDcOj3RcdGPDvx0acdZ-EaVC_4Q@mail.gmail.com>
Date: Thu, 26 Mar 2015 09:19:08 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Another PHC candidates "mechanical" tests (ROUND2)
On Thu, Mar 26, 2015 at 7:36 AM, Krisztián Pintér <pinterkr@...il.com>
wrote:
> On Thu, Mar 26, 2015 at 3:18 PM, Bill Cox <waywardgeek@...il.com> wrote:
> > I personally am now a big fan of your authentication server concept.
>
> really large companies, like amazon or google, might even be switch to
> dedicated hashing hardware in those auth servers.
>
> the usual view that defender is pc/gpu/smartphone, and attacker is
> asic, is wrong. it is pretty much possible that the attacker is a pc
> botnet / distributed computing platform, and the defender is a google
> asic.
>
I agree. My favorite ASIC defense scheme is running Makwa boxes while
doing useful proof-of-work for securing a block chain at the same time.
People wonder what we could do with all that wasted BitCoin computation.
My favorite answer is that we could do Makwa password strengthening. I
originally thought the ASIC boxes could do either block-chain computations
or Makwa password strengthening, but not both at the same time. I recently
realized that we can use the actual password strengthening computations to
also secure the block chain. Add to that the potential of securing
identity public keys in the block chain, and we can do authentication
globally, with very little MITM risk, free from the current CA mess.
Content of type "text/html" skipped
Powered by blists - more mailing lists