lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 30 Mar 2015 12:40:08 +0200
From: Dmitry Chestnykh <dmitry@...ingrobots.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Salt

> Instead, we claim that a password hashing function is secure against
> attack A if salt satisfies properties P. For instance, suppose that an
> adversary looks for a preimage to any of the given set of password
> hashes, where salts are stored in cleartext. Iff the salts are unique,
> then any password attempt would work for a single hash only (whereas
> if the salt repeats for N passwords, a password is essentially tried
> for N hashes simultaneously). Thus in this setting salt should be

Great, that’s indeed what’s needed. It would be nice if the winner(s) of PHC would write down such claims in their specs, so that users know what they can do with salt and what consequences they’ll have.

Thank you!

-- 
Dmitry Chestnykh
Coding Robots
http://www.codingrobots.com

Powered by blists - more mailing lists