Message-ID: <20120603014005.GA7624@openwall.com>
Date: Sun, 3 Jun 2012 05:40:05 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: "Password security: past, present, future" presentation slides are now online

On Fri, Jun 01, 2012 at 01:02:12PM -0600, Stephen John Smoogen wrote:
> [...] this is
> actually 3 different lectures packed into one. [Far past state,
> present state, future state.]

Yes. I thought of making them separate (or rather past+present is one and future is another), but that would not match the PHDays schedule, and even if it did, then some people attending the future part would not have listened to past+present before, and vice versa (I imagine some would get bored during a 50-minute past+present and miss the interesting future stuff as a result).

A video is now available at:

http://digitaloctober.com/event/positive_hack_days

Scroll down to "Day two. Broadcast of the main event", then choose "13:59 Alexander (Solar designer) Peslyak, Password security: past, present, future".

I haven't checked it out myself yet, though, since they require Flash and won't just let me download the video. ;-( So I don't know if it's any good. ;-)

I was speaking Russian, and there was (supposed to be) synchronous translation to English (which I imagine was really tough for the translator given the topic and the pace!) Yet the slides were in English only, as you have seen. This choice had been agreed upon as the best with the event organizers, given that over 90% of the audience was Russian-speaking, but could read technical English. The online videos are (supposed to be) in both languages (you choose).

> One thing I would have been interested
> in was not as much the cryptographic speed ups as the guessing
> speedups. Using the markov modes, smart guesses and even the way
> incremental tries to find as many via various patterns is what I
> find intriguing as they are the techniques that will be used
> against even super slow authentication methods for good results.

Maybe, but this was mostly off-topic for my talk as it would not help me talk about future KDFs: we need better KDFs anyway, and the criteria are the same anyway (the best we can get).

Yes, there's also room for improvement in password policies, although my gut feeling is that right now passwdqc is more satisfactory as it is than the best KDFs currently in use (maybe excluding only scrypt, but it is not in use for password authentication yet). In other words, I expect that in a few years from now we won't be able to substantially improve upon passwdqc (considering that a password policy needs to be not only effective, but also easy to explain), but I see substantial room for improvement in KDFs and in the way they're used by companies with large userbases (the host-unreadable local parameter idea).

A next generation phpass is especially desirable since frankly the "last resort fallback" code that I wrote in 2004 for what became the current phpass and that turned out to be the only thing web apps would actually accept in 2007 is just not good enough by the modern full set of criteria, and now that we have a foot in the door (as I said in one of the slides) there's not only a need, but also a chance to replace it with a more elaborate alternative (to be designed). However, as I also said in my talk, we must resist the temptation and not do it prematurely. This needs serious consideration, experiments (not in released versions of any apps, though!), discussions - so that we arrive at something that would be both good enough and universally accepted. This might take a few years.

Thanks,

Alexander