[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMtf1HvbaZBXO9+5hr+x-wnSjPDOR1L6DHxdR3G+=8+TMSA4XA@mail.gmail.com>
Date: Thu, 25 Jun 2015 22:16:59 +0800
From: Ben Harris <mail@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Why protect against side channel attacks
On 25 Jun 2015 9:59 pm, "Krisztián Pintér" <pinterkr@...il.com> wrote:
>
> On Thu, Jun 25, 2015 at 3:17 PM, Ben Harris <mail@...rr.is> wrote:
> > But no, the salt is better considered as "sensitive" and treated in the
same
> > respect as the password hash.
>
> secret salt disables server relief
For some implementations of server relief. You could have the client send
the password and the server reply with hash(password, salt) which the
client then does stretching on.
Though I'm probably missing some obvious reason why that won't work.
Content of type "text/html" skipped
Powered by blists - more mailing lists