Thanks for the responses. I considered using scrypt for now because, as described, it's harder to hack with brute force using GPU, ASIC, or FPGA than bcrypt. But it has some limitations too. I've tried to tweak it to use more memory and less computation time but failed. Another question for me is how I would support this type of password authentication. After some years computation power will grow and I will need to modify my hashed keys stored in the DB to adequately resist this. So I need some protocol where some parameters could be tweaked, so that I'll be able to "rehash" or make some additional iterations with existing password hashes with no need to disturb users with "we have some security updates and ask users to change their passwords". So this part of the reply is interesting for me from the described point of view.

Consider using AES256 poorly:
1. Take any password
2. hash it with MD5
3. Use that hash as the key (pad the extra bits with 0s) to encrypt something using AES256 in ECB mode

I need a kind of function with these properties.
  KDF(passwd, salt, jobFactor1)
  KDF(passwd, salt, jobFactor2)
where jobFactor1 is the initial number representing the amount of job needed to calculate the hash, and jobFactor2 ( > jobFactor1 ) is the index that will be current in the future.
  For old hashes I would do something like this:
  KDF_diff(KDF_old, jobFactor2 - jobFactor1)
But for new users (or for users that want to change their password) I will call the original KDF(passwd, salt, jobFactor2) with the new job factor. Also suitable would be an implementation where KDF_diff is the same as KDF and is simply used as KDF(KDF_old, salt, jobFactor2 - jobFactor1). It can be simply achieved by using some SHA2, SHA3, MD5 or other hash function used in a cycle. But I want to believe that some other elegant solution exists in combination with a memory-hard function like scrypt.

Also I found some info about new Key Derivation Functions. But it seems that they have not been checked enough for security, nor do they have a well enough tested implementation.
http://lyra-kdf.net/
http://eprint.iacr.org/2013/525.pdf

Also I found a site about the password hashing functions competition. It will be interesting to read what the D community thinks about it.
https://password-hashing.net/faq.html

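The KDF / KDF_diff scheme sketched in the post, as an added example that is not part of the original message: scrypt turns the password into a seed once, and an HMAC-SHA256 chain keyed by the salt supplies the adjustable job factor, so a stored hash can be extended without the password. The function names, record layout, scrypt parameters and sample values are assumptions, and only the iteration count grows here; the scrypt memory cost stays fixed.

```python
import hashlib
import hmac

# Assumed demo-sized scrypt parameters; they stay fixed for the life of a record.
SCRYPT = dict(n=2**12, r=8, p=1, dklen=32)


def _chain(state: bytes, salt: bytes, rounds: int) -> bytes:
    # Each round depends only on the previous state and the salt, so the
    # chain can be continued later from a stored hash, without the password.
    for _ in range(rounds):
        state = hmac.new(salt, state, hashlib.sha256).digest()
    return state


def kdf(passwd: str, salt: bytes, job_factor: int) -> bytes:
    # Memory-hard step first, then job_factor rounds of the extendable chain.
    seed = hashlib.scrypt(passwd.encode(), salt=salt, **SCRYPT)
    return _chain(seed, salt, job_factor)


def kdf_diff(old_hash: bytes, salt: bytes, extra: int) -> bytes:
    # KDF_diff(KDF_old, jobFactor2 - jobFactor1) from the post.
    if extra < 0:
        raise ValueError("job factor can only grow")
    return _chain(old_hash, salt, extra)


def new_record(passwd: str, salt: bytes, job_factor: int) -> dict:
    return {"salt": salt, "job_factor": job_factor,
            "hash": kdf(passwd, salt, job_factor)}


def upgrade(record: dict, new_factor: int) -> dict:
    # Runs offline over the database; the user is never asked to log in.
    extra = new_factor - record["job_factor"]
    return {"salt": record["salt"], "job_factor": new_factor,
            "hash": kdf_diff(record["hash"], record["salt"], extra)}


def verify(passwd: str, record: dict) -> bool:
    candidate = kdf(passwd, record["salt"], record["job_factor"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare
```

The job factor must be stored next to the salt and hash, because verification has to replay exactly that many rounds.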