Date: Mon, 4 May 2015 20:41:26 +0200
From: Krisztián Pintér <>
Subject: Re: [PHC] Maximising Pseudo-Entropy versus resistance to Side-Channel Attacks

Solar Designer (at Monday, May 4, 2015, 7:52:19 PM):

> The hashing scheme has to be specifically
> designed such that "as long as the salts are not known/predictable by
> the attacker", it is immune to side-channel attacks.  And ideally this
> should be easy to see.  I think in (ye)scrypt it is easy to see (even
> though in scrypt this probably wasn't a deliberate design goal).

and since there is no 100% side channel proof algorithm, we should
demand this property from all hashes.

submission version gambit was not protected. current version is, since
i implemented the crypto module approach. and i just now recalled that
the lecture that inspired me to do that is exactly about this.

find here

Sweta Mishra (rig team) - Cryptographic module based approach for
password hashing schemes
