lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Jun 2015 19:03:36 -0300
From: Marcos Simplicio <>
Subject: Re: [PHC] RE: Why protect against side channel attacks

On 24-Jun-15 18:44, Marsh Ray wrote:
> To Greg's excellent summary I would just add a couple of further points, probably all have been mentioned before.

>> Suppose a slow-memory attack was demonstrated, and suddenly the attacker hash rate goes up by 10x
> While this sounds dramatic, and is technically a cryptographic weakness, it's not as big of an impact as it sounds. It's a loss of 3.2 bits of security which could be approximately compensated for by increasing the minimum password length by a single character.

Just to add to the discussion: NIST does have attempted to measure the
number of bits a character would have in its SP.800.63-2, Appendix A

By their estimates, each character adds ~1 bit of security after we pass
the threshold of 8 alphanumeric chars, even if we assume that the system
validates that the password is not in a dictionary and follows good
composition rules (see Table A.1).

These estimates may certainly be too pessimistic (and I tend to believe
so), but, by their analysis, 3 bits is a lot :)

(Note that this is not intended as an argument against side-channel
resistance, but only to say that, when dealing with passwords, every bit



Powered by blists - more mailing lists