lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Mar 2015 09:19:08 -0700
From: Bill Cox <>
To: "" <>
Subject: Re: [PHC] Another PHC candidates "mechanical" tests (ROUND2)

On Thu, Mar 26, 2015 at 7:36 AM, Krisztián Pintér <>

> On Thu, Mar 26, 2015 at 3:18 PM, Bill Cox <> wrote:
> > I personally am now a big fan of your authentication server concept.
> really large companies, like amazon or google, might even be switch to
> dedicated hashing hardware in those auth servers.
> the usual view that defender is pc/gpu/smartphone, and attacker is
> asic, is wrong. it is pretty much possible that the attacker is a pc
> botnet / distributed computing platform, and the defender is a google
> asic.

I agree.  My favorite ASIC defense scheme is running Makwa boxes while
doing useful proof-of-work for securing a block chain at the same time.
People wonder what we could do with all that wasted BitCoin computation.
My favorite answer is that we could do Makwa password strengthening.  I
originally thought the ASIC boxes could do either block-chain computations
or Makwa password strengthening, but not both at the same time.  I recently
realized that we can use the actual password strengthening computations to
also secure the block chain.  Add to that the potential of securing
identity public keys in the block chain, and we can do authentication
globally, with very little MITM risk, free from the current CA mess.

Content of type "text/html" skipped

Powered by blists - more mailing lists