| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 May 2015 20:22:17 +0300 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Maximising Pseudo-Entropy versus resistance to Side-Channel Attacks On Mon, May 04, 2015 at 07:08:22PM +0200, Stefan.Lucks@...-weimar.de wrote: > On Mon, 4 May 2015, Solar Designer wrote: > > >Now our options are: use solely hashes and comparison functions that are > >side-channel safe(*) even without cryptographically random salts, or/and > >require cryptographically random salts. The latter hardens existing > >software too - such as uses of strcmp() on password hashes in lots of > >existing software. > > Not at all. Don't require cryptographically random salts, but try to > generate them nevertheless. ;-) > > THAT harends existing software too. > > This is the counterpart to requiring cryptographically random salts > without actually generating them Fair enough. > -- which would weaken your sovtware. We're already sort of requiring cryptographically random salts for bcrypt and strcmp(), if we care about those leaks. So relative to that, no, preserving the same reliance does not weaken anything. Alexander
Powered by blists - more mailing lists