| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BC8330@uxcn10-5.UoA.auckland.ac.nz> Date: Thu, 14 Jan 2016 03:15:36 +0000 From: Peter Gutmann <pgut001@...auckland.ac.nz> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Slides for PHC talk A month or two back I did a talk on the PHC, not so much the technical side but a backgrounder on the problem that had to be solved and the process that arose from it. In case they're useful to anyone, I've put the slides up at https://www.cs.auckland.ac.nz/~pgut001/pubs/phc.pdf: The secure storage of passwords on servers has been a long-standing problem that rears its head again and again. In 2013 a group of security people lead by cryptographer Jean-Philippe Aumasson initiated the Password Hashing Competition (PHC), an attempt to design a new, state-of-the-art password- processing algorithm using the competitive process that gave us AES and SHA-3. The Password Hashing Competition looks at the recently-completed PHC process, both from the technical side (it inspired enormous advances in the state of the art in password-processing design) as well as the ins and outs of running a competitive process to select an algorithm that has to withstand attack by CPUs, GPUs, FPGAs, and ASICs (think Bitcoin miners), not to mention a peanut gallery of geeks all over the world. The focus of the talk is more on the mechanisms of the selection process and the decisions and tradeoffs that were made than on the low-level technical details. Peter.
Powered by blists - more mailing lists