Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

yescrypt: large-scale password hashing

These are the slides we used at BSidesLjubljana 2017. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC 2012), New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), and yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014), so you might want to check those out as well. Also relevant is our presentation on Energy-efficient bcrypt cracking (Passwords^14).

In this presentation, the problem of password hash cracking is framed as largely that of cost amortization, and thus the problem of password hashing as coming up with affordably costly and amortization-resistant password hashing schemes. In this context, rationale is given for both scrypt's sequential memory-hard hashing and yescrypt's numerous additions to it. Finally, application of yescrypt to mass user authentication is demonstrated.

Please click on the slides for higher-resolution versions. You may also download a PDF file with all of the slides (24 MB) or watch or download a video of the talk via links off the conference website.

Cover slide Slide 1 Slide 2 Slide 3 Slide 4 Slide 5 Slide 6 Slide 7 Slide 8 Slide 9 Slide 10 Slide 11 Slide 12 Slide 13 Slide 14 Slide 15 Slide 16 Slide 17 Slide 18 Slide 19 Slide 20 Slide 21 Slide 22 Slide 23 Slide 24 Slide 25 Slide 26 Slide 27 Slide 28 Slide 29 Slide 30 Slide 31 Slide 32 Slide 33 Slide 34 Slide 35 Slide 36 Slide 37 Slide 38 Slide 39 Slide 40 Slide 41 Slide 42 Slide 43 Slide 44 Slide 45 Slide 46 Slide 47 Slide 48 Slide 49 Slide 50 Slide 51 Slide 52 Slide 53 Slide 54 Slide 55 Slide 56 Slide 57 Slide 58 Slide 59 Slide 60 Slide 61 Slide 62 Slide 63 Slide 64 Slide 65 Slide 66 Slide 67 Slide 68 Slide 69 Slide 70 Slide 71 Slide 72 Slide 73 Slide 74 Slide 75 Slide 76 Slide 77 Slide 78 Slide 79 Slide 80 Slide 81 Slide 82 Slide 83 Slide 84 Slide 85 Slide 86 Slide 87 Slide 88 Slide 89

Quick Comment:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ

22600