Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Dec 2012 07:47:10 +0100
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Password hashing at scale (for Internet companies
 with millions of users) - YaC 2012 slides

http://www.jupiterbroadcasting.com/27761/tales-from-the-bcrypt-techsnap-85/

Here guys are talking about Alexander's "Password gashing at scale"
talk at Yac2012
Starts at 1:07:45

Video is available in different formats.

Happy watching,
Lukas

2012/10/5 Solar Designer <solar@...nwall.com>:
> Hi,
>
> The slides for my YaC 2012 talk "Password hashing at scale" are now online:
>
> http://www.openwall.com/presentations/YaC2012-Password-Hashing-At-Scale/
>
> In this talk, I have focused on approaches to and challenges with
> setting up better password hashing for Internet companies with millions
> of users.  Some of the topics covered are possible use of HSMs (and
> YubiHSM as a specific example), how much password stretching can be
> afforded, different password hash types (including what's wrong with
> PBKDF2, bcrypt, scrypt, possible revisions of scrypt), trade-offs with
> using memory-hard KDFs in general, possible defensive use of GPUs,
> Xeon Phi coprocessor, FPGAs.
>
> SHA-3 is deliberately not mentioned on the slides yet.  I briefly
> thought of retroactively adding a few mentions of it (YaC 2012 was a day
> too early), but decided not to.  SHA-3 should be similar to DES (read:
> very good) in context of possible defensive use of FPGAs.  As to
> PBKDF2-HMAC-SHA-3, things are less clear, although it's probably weaker
> than PBKDF2-HMAC-SHA-512 (is it also weaker than -SHA-256? than -SHA-1?
> not sure).  (In this context, "weaker" means it allows for even more
> efficient attack-optimized implementations than the other hash type,
> resulting in higher passwords tested per second rate for the same
> processing cost of defensive use.)  I prefer to keep only fairly
> reliable information on the slides, and not speculate on important
> issues there (but I do speculate here, as you can see).  Those of you
> who follow @solardiz on Twitter probably already know a bit more on my
> expectations and reasoning for throughput-optimized parallelized
> implementations of SHA-3, due to the too-many-tweet conversation I had
> with @marshray. ;-)
>
> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.