yescrypt: large-scale password hashing
These are the slides on yescrypt that we used at
BSidesLjubljana 2017.
In a sense, this presentation is a continuation of
Password security: past, present, future (PHDays 2012, Passwords^12),
Password hashing at scale (YaC 2012),
New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), and
yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014),
so you might want to check those out as well.
Also relevant is our presentation on
Energy-efficient bcrypt cracking (Passwords^14).
In this presentation, the problem of password hash cracking is framed as largely that of cost amortization,
and thus the problem of password hashing as coming up with affordably costly and amortization-resistant password hashing schemes.
In this context, rationale is given for both scrypt's sequential memory-hard hashing and yescrypt's numerous additions to it.
Finally, application of yescrypt to mass user authentication is demonstrated.
Some of the detail on the last few slides pertains to yescrypt 0.9.x and is no longer valid for yescrypt 1.0+,
but overall this slide deck still applies.
Please click on the slides for higher-resolution versions.
You can also
download a PDF file with all of the slides (24 MB) or
view them at Speaker Deck
or watch or download a video of the talk via
links off the conference website.
46659
