lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+hr98HFF+JJFfNhLA7vrwUJDXBTA_Z+L503JWuWHf250h-ULA@mail.gmail.com> Date: Thu, 25 Jun 2015 16:36:04 +0200 From: Krisztián Pintér <pinterkr@...il.com> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Why protect against side channel attacks On Thu, Jun 25, 2015 at 4:16 PM, Ben Harris <mail@...rr.is> wrote: >> secret salt disables server relief > > You could have the client send > the password and the server reply with hash(password, salt) which the client > then does stretching on. i guess it would, but adds one more round of communication, and also removes the benefit of not needing the password ever leave the client. all this hassle just to be able to use something that should not be used in the first place anyway.
Powered by blists - more mailing lists