Re: [Cryptography] Why don't we protect passwords properly?
Arnold Reinhold (at Wednesday, December 25, 2013, 8:29:20 PM):
> You forgot the most important criteria, parameterizable to not
1. I did not, and 2. this is not the most important criterion. The most
important is safety.
> I'm not aware of any side channel attacks on even individual stored
> passwords
I'm also not aware of any attacks against PBKDF2, or even a homegrown
repeated MD5. Just because it did not happen so far is not enough to
trust the algorithm.
> If you are really concerned about side channels, note that scrypt
> begins with a PBKDF2 call
The exact problem with side channel attacks is that they circumvent
other layers, opening other attack routes.
> I hope the current KDF competition comes up with better solutions,
That is sure; me too.
> but that is no excuse for failing to provide strong protection
Like, for example, PBKDF2. (Let me just stress for the thousandth time
that I don't like it. But it is safe, standard, and CPU-hungry.) In
comparison, scrypt is better in many situations, while worse or even
broken in some other situations. Use with care.