Message-ID: <CAMtf1HvbaZBXO9+5hr+x-wnSjPDOR1L6DHxdR3G+=8+TMSA4XA@mail.gmail.com>
Date: Thu, 25 Jun 2015 22:16:59 +0800
From: Ben Harris <mail@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Why protect against side channel attacks
On 25 Jun 2015 9:59 pm, "Krisztián Pintér" <pinterkr@...il.com> wrote:
>
> On Thu, Jun 25, 2015 at 3:17 PM, Ben Harris <mail@...rr.is> wrote:
> > But no, the salt is better considered as "sensitive" and treated in the same
> > respect as the password hash.
>
> secret salt disables server relief
For some implementations of server relief. You could have the client send
the password and the server reply with hash(password, salt) which the
client then does stretching on.
Though I'm probably missing some obvious reason why that won't work.
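
Added example, not part of the original message: a sketch of the exchange described above, in which the server keeps the salt secret and answers with hash(password, salt), and only the client does the stretching. HMAC-SHA256 as the hash, PBKDF2 as the stretching function, the server-side SHA-256 verifier and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters (not from the post): PBKDF2-HMAC-SHA256 as the stretching
# function, a fixed public label as its salt, and a low iteration count for the demo.
STRETCH_LABEL = b"server-relief-demo"
ITERATIONS = 10_000


class Server:
    """Holds the secret per-user salt; performs only cheap hash operations."""

    def __init__(self):
        self._salts = {}      # user -> secret salt, never sent to the client
        self._verifiers = {}  # user -> SHA-256 of the client-stretched value

    def prehash(self, user, password):
        # Step 1: the client sent the password; reply with hash(password, salt).
        salt = self._salts.setdefault(user, os.urandom(16))
        return hmac.new(salt, password, hashlib.sha256).digest()

    def enroll(self, user, stretched):
        self._verifiers[user] = hashlib.sha256(stretched).digest()

    def verify(self, user, stretched):
        # Step 3: one cheap hash plus a constant-time comparison.
        candidate = hashlib.sha256(stretched).digest()
        return hmac.compare_digest(candidate, self._verifiers.get(user, b""))


def client_stretch(prehash):
    # Step 2: the expensive work happens on the client, over the server's reply.
    return hashlib.pbkdf2_hmac("sha256", prehash, STRETCH_LABEL, ITERATIONS)


def login(server, user, password):
    return server.verify(user, client_stretch(server.prehash(user, password)))


def demo():
    server = Server()
    server.enroll("alice", client_stretch(server.prehash("alice", b"correct horse")))
    return login(server, "alice", b"correct horse"), login(server, "alice", b"wrong")


if __name__ == "__main__":
    print(demo())  # (True, False)
```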