password hashing: the future is now - black hat … livingsocial's 50-million password ... like...
TRANSCRIPT
return password
return hash( password )
•
•
•
return hash( password, salt )
•
•
•
return hash( password, salt, cost )
•
•
•
•
×
V[i] = H( V[i-1] ), i=0..N-1
b83546b4
V[i] = H( V[i-1] ), i=0..N-1
b83546b4 b2e2a2f5
V[i] = H( V[i-1] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a
V[i] = H( V[i-1] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ...
V[i] = H( V[i-1] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361
V[i] = H( V[i-1] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361 299c689f
V[i] = H( V[i-1] ), i=0..N-1
X = H( X ⊕ V[ X mod N ] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361 299c689f
V[i] = H( V[i-1] ), i=0..N-1
X = H( X ⊕ V[ X mod N ] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361 299c689f
V[i] = H( V[i-1] ), i=0..N-1
X = H( X ⊕ V[ X mod N ] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361 299c689f
V[i] = H( V[i-1] ), i=0..N-1
X = H( X ⊕ V[ X mod N ] ), i=0..N-1
b83546b4 b2e2a2f5 10cbd82a ... 57500361 299c689f
scrypt
MFcrypt
PBKDF2
HMAC
SHA-256
SMix
ROMix
BlockMix
Salsa20/8
×
× ×
call for submissions (Q1 2013)
receive submissions (Q1 2014)
analyze security/performance
finalists selection (Q3 2014)
winners selection (Q2 2015)
analyze security/performance
≈
