[148716] in cryptography@c2.net mail archive


Re: [Cryptography] Why don't we protect passwords properly?

daemon@ATHENA.MIT.EDU (Krisztián Pintér)
Wed Dec 25 15:05:04 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Dec 2013 20:51:11 +0100
From: Krisztián Pintér <pinterkr@gmail.com>
To: Arnold Reinhold <agr@me.com>
In-Reply-To: <6601C912-7CCC-44B9-A777-EDAA884C454E@me.com>
Cc: Cryptography <cryptography@metzdowd.com>, scrypt@tarsnap.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


Arnold Reinhold (at Wednesday, December 25, 2013, 8:29:20 PM):

> You forgot the most important criteria, parameterizable to not

1, i did not and 2, this is not the most important criteria. the most
important is safety.

> I'm not aware of any side channel attacks on even individual stored
> passwords

i'm also not aware of any attacks against pbkdf2, or even a homegrown
repeated md5. just because it did not happen so far is not enough to
trust the algorithm.

> If you are really concerned about side channels, note that scrypt
> begins with a PBKDF2 call

the exact problem with side channel attacks is that they circumvent
other layers, opening other attack routes.

> I hope the current KDF competition comes up with better solutions,

that is sure, me too.

> but that is no excuse for failing to provide strong protection

like for example pbkdf2. (let me just stress like the thousandth time
that i don't like it. but it is safe, standard, and cpu-hungry.) in
comparison, scrypt is better in many situations, while worse or even
broken in some other situations. use with care.


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
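
Added example, not part of the message above and not code from either poster or from the scrypt project: a compact pure-Python scrypt following RFC 7914 that records which entries of its memory table are read, showing both the opening PBKDF2 call mentioned in the thread and the password-dependent memory addressing that the side-channel concern is about. The `trace` list and the function name `scrypt_traced` are assumptions made for illustration; PBKDF2 itself has no comparable secret-indexed table.

```python
import hashlib, struct

M = 0xFFFFFFFF
# Salsa20 quarter-round index sets: column round, then row round.
QR = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
      (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]

def rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & M

def salsa20_8(block):
    x0 = struct.unpack("<16I", block)
    x = list(x0)
    for _ in range(4):                      # 4 double rounds = 8 rounds
        for a, b, c, d in QR:
            x[b] ^= rotl((x[a] + x[d]) & M, 7)
            x[c] ^= rotl((x[b] + x[a]) & M, 9)
            x[d] ^= rotl((x[c] + x[b]) & M, 13)
            x[a] ^= rotl((x[d] + x[c]) & M, 18)
    return struct.pack("<16I", *[(u + v) & M for u, v in zip(x, x0)])

def xor(a, b):
    return bytes(u ^ v for u, v in zip(a, b))

def blockmix(B):
    x, out = B[-64:], []
    for i in range(0, len(B), 64):
        x = salsa20_8(xor(x, B[i:i + 64]))
        out.append(x)
    return b"".join(out[0::2] + out[1::2])  # even blocks, then odd blocks

def romix(B, N, trace):
    V, X = [], B
    for _ in range(N):                      # fill phase: sequential writes
        V.append(X)
        X = blockmix(X)
    for _ in range(N):                      # mix phase: reads at secret-derived j
        j = int.from_bytes(X[-64:-56], "little") % N
        trace.append(j)                     # hypothetical instrumentation
        X = blockmix(xor(X, V[j]))
    return X

def scrypt_traced(pw, salt, N, r, p, dklen=32):
    """Return (derived key, list of V[] indices read); for study only."""
    size, trace = 128 * r, []
    # The opening PBKDF2 call (one iteration) that the thread refers to.
    B = hashlib.pbkdf2_hmac("sha256", pw, salt, 1, p * size)
    B = b"".join(romix(B[i:i + size], N, trace) for i in range(0, len(B), size))
    return hashlib.pbkdf2_hmac("sha256", pw, B, 1, dklen), trace
```

Calling `scrypt_traced(b"password", b"NaCl", 16, 1, 1)` with two passwords that differ in one byte (constructed inputs, with N far too small for real use) returns different index traces, which is the information a cache-timing observer could learn and a fixed-access-pattern function would not expose.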
