|
Message-ID: <20121007201321.GA5499@openwall.com> Date: Mon, 8 Oct 2012 00:13:21 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Password hashing at scale (for Internet companies with millions of users) - YaC 2012 slides On Fri, Oct 05, 2012 at 07:19:29AM -0500, Richard Miles wrote: > I would like to take the opportunity to open a discussion if you don't mind. Sure. BTW, these slides were also discussed at /r/crypto: http://www.reddit.com/r/crypto/comments/10zjdo/password_hashing_for_orgs_with_millions_of_users/ > Based on your slides I guess that the more appropriate recommendation for > password hashing with salt is to keep using bcrypt since it's strong and at > the same time stable / well tested. Do you agree? Sort of. It's my short-term recommendation for (smaller) orgs who don't have the resources or/and willingness e.g. to engage Openwall to have us work on a custom password hashing setup for them. ;-) Longer-term, we need to arrive at a universal replacement for bcrypt. At this time, attackers' advantage at bcrypt using existing CPUs is only about 2x (and no advantage from GPUs per-chip yet). However, next year it's expected to increase to ~4x for CPUs with AVX2 (it'd be ~8x if we consider the vector width alone, but the limiting factor may be the 32 KB L1 data cache), and Xeon Phi is expected to be an order of magnitude faster than general-purpose CPUs at cracking bcrypt. (I've addressed your question/comments on Xeon Phi and FPGA pricing in another reply in this thread.) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.