[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] Why don't we protect passwords properly?
Arnold Reinhold (at Wednesday, December 25, 2013, 8:29:20 PM):
> You forgot the most important criteria, parameterizable to not
1, i did not and 2, this is not the most important criteria. the most
important is safety.
> I'm not aware of any side channel attacks on even individual stored
i'm also not aware of any attacks against pbkdf2, or even a homegrown
repeated md5. just because it did not happen so far is not enough to
trust the algorithm.
> If you are really concerned about side channels, note that scrypt
> begins with a PBKDF2 call
the exact problem with side channel attacks is that the circumvent
other layers, opening other attack routes.
> I hope the current KDF competition comes up with better solutions,
that is sure, me too.
> but that is no excuse for failing to provide strong protection
like for example pbkdf2. (let me just stress like the thousandth time
that i don't like it. but it is safe, standard, and cpu-hungry.) in
comparison, scrypt is better in many situations, while worse or even
broken in some other situations. use with care.