Open Source and information security mailing list archives
 
Date: Wed, 24 Jun 2015 17:48:39 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Why protect against side channel attacks

On Wed, Jun 24, 2015 at 5:31 PM, Marsh Ray <maray@...rosoft.com> wrote:

> > However, it is expensive per password cracked, similar to an off-line
> > attack, maybe 2-6X cheaper.
>
>
>
> Keep in mind about half of typical users tend to pick passwords from the
> 10,000 most common.
>

Agreed.  Password hashing alone is not enough.  I recommend the use of
extra security layers, such as secret-salt, master keys, large ROMs, and
such.  Even more important is an authentication system that uses all
available signals to detect accounts under attack, and take countermeasures.


> For this huge set of users, a successful side channel leak means they are
> compromised, regardless of it taking *amortized* 6x more work for the
> attacker.
>
>
> Huh?

Their passwords are only compromised if an attacker already breached the
salt database, yet failed to gain access to the password hash database, and
only if the attacker can associate usernames with the salts and cache
timing data.  This should be rare.

I can tell there are a lot of mathematicians on this list.  A mathematical
definition of "compromised" would mean that an attacker learns exactly
nothing, or the system is "broken".  If an attacker learns that somewhere
in the world, an unknown user logged in at exactly 10:38AM, then the system
is "broken".  User authentication is a sticky wet mess.  Clean mathematical
lines like this are not particularly useful.

Bill
