oss-sec mailing list archives
password hashing
From: Solar Designer <solar () openwall com>
Date: Sun, 7 Oct 2012 02:50:34 +0400
Hi,

I was too shy to spam oss-security with this, but a list member (who is also on Openwall's announce list) asked me to. Armed with this excuse, let me tell you that I made two presentations on password hashing this year. It's everything you wanted to know about password hashing from the 1960s to the present day and the near future, and more. ;-)

Password security: past, present, future (with strong bias towards password hashing)
http://www.openwall.com/presentations/PHDays2012-Password-Security/

Password hashing at scale (for Internet companies with millions of users)
http://www.openwall.com/presentations/YaC2012-Password-Hashing-At-Scale/

Discussion of the latter at /r/crypto:
http://www.reddit.com/r/crypto/comments/10zjdo/password_hashing_for_orgs_with_millions_of_users/

and on john-users (click "thread-next"):
http://www.openwall.com/lists/john-users/2012/10/05/3

(I intend to reply to the questions raised further in that thread.)

SHA-3 is deliberately not mentioned on the slides yet. I briefly thought of retroactively adding a few mentions of it (YaC 2012 was a day too early), but decided not to. SHA-3 should be similar to DES (read: very good) in the context of possible defensive use of FPGAs. As to PBKDF2-HMAC-SHA-3, things are less clear, although it's probably weaker than PBKDF2-HMAC-SHA-512 (is it also weaker than -SHA-256? than -SHA-1? not sure). (In this context, "weaker" means it allows for even more efficient attack-optimized implementations than the other hash type, resulting in a higher passwords-tested-per-second rate for the same processing cost of defensive use.) I prefer to keep only fairly reliable information on the slides, and not speculate on important issues there (but I do speculate here, as you can see).

Those of you who follow @solardiz on Twitter probably already know a bit more on my expectations and reasoning for throughput-optimized parallelized implementations of SHA-3, due to the too-many-tweet conversation I had with @marshray. ;-)

Alexander
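The message's definition of "weaker" compares hash types by how many password guesses per second an attacker gets for a fixed defensive cost. The example below, which is added here and is not part of Solar Designer's message or of any Openwall code, makes that comparison concrete: a plain PBKDF2-HMAC implementation (RFC 8018 section 5.2) parameterised by the underlying hash, a helper that picks an iteration count for a given per-verification time budget on the local machine, and a function that turns the measured cost into a guesses-per-second figure. The `attacker_speedup` parameter, the password/salt values and the 50 ms budget are assumptions for illustration; the real attacker-to-defender efficiency ratio is exactly the hardware-dependent quantity the message says is unclear for SHA-3.

```python
"""Added example, not from the original post: PBKDF2-HMAC with a pluggable hash and a
cost/throughput benchmark in the spirit of the "weaker" definition in the message."""
import hashlib
import hmac
import struct
import time


def pbkdf2_hmac(hash_name: str, password: bytes, salt: bytes,
                iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018, section 5.2) with HMAC-<hash_name> as the PRF.

    hash_name is any constructor name hashlib knows, e.g. 'sha256', 'sha512',
    'sha3_512'. Written out in full so the per-iteration work is visible.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    out = bytearray()
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = u
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dklen])


def check_against_stdlib(hash_name: str, iterations: int = 3, dklen: int = 100) -> bool:
    """Self-check: compare with hashlib.pbkdf2_hmac on a multi-block derivation.
    Password and salt are constructed values for the check."""
    args = (hash_name, b"correct horse battery staple", b"constructed-salt", iterations, dklen)
    return pbkdf2_hmac(*args) == hashlib.pbkdf2_hmac(*args)


def seconds_per_hash(hash_name: str, iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall-clock seconds for one derivation with these parameters."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        pbkdf2_hmac(hash_name, b"correct horse battery staple", b"constructed-salt",
                    iterations, 32)
        best = min(best, time.perf_counter() - t0)
    return best


def iterations_for_budget(hash_name: str, budget_seconds: float,
                          probe_iterations: int = 2000) -> int:
    """Iteration count that spends roughly budget_seconds per verification here.

    This is the defender's knob: the budget is the 'processing cost of defensive
    use' from the message, and the count it yields differs per hash type.
    """
    per_iter = seconds_per_hash(hash_name, probe_iterations) / probe_iterations
    return max(1, int(budget_seconds / per_iter))


def guesses_per_second(hash_name: str, iterations: int, attacker_speedup: float = 1.0) -> float:
    """Guesses per second one attacker core gets against this parameter choice.

    attacker_speedup is an assumed multiplier modelling the attack-optimised
    implementation advantage the message describes (1.0 = no faster than this
    code). The message's point is that this multiplier itself depends on the
    hash type, so a fixed defensive budget does not buy equal resistance.
    """
    return attacker_speedup / seconds_per_hash(hash_name, iterations)


if __name__ == "__main__":
    budget = 0.05  # assumed 50 ms per login verification
    for name in ("sha256", "sha512", "sha3_512"):
        n = iterations_for_budget(name, budget)
        print(f"{name:>8}: ~{n:>7} iterations for {budget*1000:.0f} ms; "
              f"{guesses_per_second(name, n):8.1f} guesses/s at speedup 1.0")
```

Run as a script it prints, per hash type, the iteration count that fits the budget on this machine and the resulting baseline guess rate; the interesting comparison is what happens to the last column once a realistic, hash-specific `attacker_speedup` is substituted for 1.0.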
Current thread:
- password hashing Solar Designer (Oct 06)
- Re: password hashing Josh Bressers (Oct 08)
- Re: password hashing Solar Designer (Oct 09)
- Re: password hashing Josh Bressers (Oct 10)
- Re: password hashing Solar Designer (Oct 09)
- Re: password hashing Josh Bressers (Oct 08)