[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Time Invariant String Comparison
- From: Andres Perera <andres.p@...>
- Date: Sat, 25 Jan 2014 03:41:09 -0430
On Sat, Jan 25, 2014 at 1:42 AM, William Ahern
<william@25thandclement.com> wrote:
[...]
>
> Who in their right mind would allow their website authentication system to
> spend 5 seconds (an eternity!) hogging a CPU? Especially when you could
> instead mandate passwords just three or four characters longer for the same
> benefit and without crippling your throughput?
>
> Anything over a millisecond is already too long for real websites. At that
> point, the differential between scrypt and braindead SHA256+salt is so low
> in real terms that you've hardly inconvenienced an attacker doing a
> dictionary attack on user passwords. On a database he _already_ stole, mind
> you, which should be your real concern!
>
>
BTW, this is all assuming server-side KDF...
Even if clients are able to aquire privileges by brute forcing
hash-space directly, and that's cheaper, you still have the benefit of
securing the original key in case users reuse it on other sites.
- References:
- Re: Time Invariant String Comparison, Coda Highland
- Re: Time Invariant String Comparison, Pierre Chapuis
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern