[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Time Invariant String Comparison
- From: Rob Kendrick <rjek@...>
- Date: Sat, 25 Jan 2014 11:06:56 +0000
On Fri, Jan 24, 2014 at 10:12:02PM -0800, William Ahern wrote:
> Here's a blurb from the scrypt webpage:
>
> We estimate that on modern (2009) hardware, if 5 seconds are spent
> computing a derived key, the cost of a hardware brute-force attack
> against scrypt is roughly 4000 times greater than the cost of a
> similar attack against bcrypt (to find the same password), and 20000
> times greater than a similar attack against PBKDF2.
>
> Who in their right mind would allow their website authentication system to
> spend 5 seconds (an eternity!) hogging a CPU? Especially when you could
> instead mandate passwords just three or four characters longer for the same
> benefit and without crippling your throughput?
Because verifying with a correct password is much faster than verifying
with an incorrect one. Plus, that 5 seconds is tunable. Want it to be
only a milisecond? Fine. You can do that, and make sure it's always a
milisecond, regardless of how fast computers get.
> Anything over a millisecond is already too long for real websites.
Not all websites are Facebook.
B.
- References:
- Re: Time Invariant String Comparison, Pierre Chapuis
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern
- Re: Time Invariant String Comparison, Andres Perera
- Re: Time Invariant String Comparison, William Ahern