lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Jun 2015 19:03:36 -0300
From: Marcos Simplicio <mjunior@...c.usp.br>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] RE: Why protect against side channel attacks


On 24-Jun-15 18:44, Marsh Ray wrote:
> To Greg's excellent summary I would just add a couple of further points, probably all have been mentioned before.
> 

>> Suppose a slow-memory attack was demonstrated, and suddenly the attacker hash rate goes up by 10x
> 
> While this sounds dramatic, and is technically a cryptographic weakness, it's not as big of an impact as it sounds. It's a loss of 3.2 bits of security which could be approximately compensated for by increasing the minimum password length by a single character.

Just to add to the discussion: NIST does have attempted to measure the
number of bits a character would have in its SP.800.63-2, Appendix A
(http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf)

By their estimates, each character adds ~1 bit of security after we pass
the threshold of 8 alphanumeric chars, even if we assume that the system
validates that the password is not in a dictionary and follows good
composition rules (see Table A.1).

These estimates may certainly be too pessimistic (and I tend to believe
so), but, by their analysis, 3 bits is a lot :)

(Note that this is not intended as an argument against side-channel
resistance, but only to say that, when dealing with passwords, every bit
counts).

BR,

Marcos.

Powered by blists - more mailing lists