Message-ID: <20150625072616.GA2738@openwall.com>
Date: Thu, 25 Jun 2015 10:26:16 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Why protect against side channel attacks

On Thu, Jun 25, 2015 at 03:06:08PM +0800, Ben Harris wrote:
> On 25 June 2015 at 14:25, Solar Designer <solar@...nwall.com> wrote:
>
> > In fact, to fully defeat the attack, it is sufficient to have s or h;
> > it is not necessary to have both. (In practice, it may be helpful to
> > have both for other reasons.)
>
> 'h' being preferred over 's', as a system without 'h' would still leak
> password information as identical passwords would have the same
> side-channel data.

You're right. Thank you for correcting me.

Side-channels aside, there are other good reasons why per-hash salts are
important to have even in presence of a system-wide secret.

Alexander