NetBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to NetBSD or
of interest for NetBSD users.
This list is available as chronological
overview, as a tag cloud and
via the sources.
This list is also available as RSS feed
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
it can be included or updated.
Tag: scrypt
Colin Percival - scrypt: A new key derivation function
Source: BSDCan - The Technical BSD Conference
Added: 25 May 2009
Tags: bsdcan, bsdcan2009, presentation, scrypt, colin percival
Slides (556 Kb, 21 pages), Paper (201 Kb, 16 pages)
scrypt: A new key derivation function
Doing our best to thwart TLAs armed with ASICs
Password-based key derivation functions are used
for two primary purposes: First, to hash passwords
so that an attacker who gains access to a password
file does not immediately possess the passwords
contained therewithin; and second, to generate
cryptographic keys to be used for encrypting or
authenticating data.
In both cases, if passwords do not have sufficient
entropy, an attacker with the relevant data can
perform a brute force attack, hashing potential
passwords repeatedly until the correct key is found.
While commonly used key derivation functions, such
as Kamp's iterated MD5, Provos and Mazieres' bcrypt,
and RSA Laboratories' PBKDF1 and PBKDF2 make an
attempt to increase the difficulty of brute-force
attacks, they all require very little memory, making
them ideally suited to attack by custom hardware.
In this talk, I will introduce the concepts of
memory-hard and sequential memory-hard functions,
and argue that key derivation functions should be
sequential memory-hard. I will present a key
derivation function which, subject to common
assumptions about cryptographic hash functions, is
provably sequential memory-hard, and a variation
which appears to be stronger (but not provably so).
Finally, I will provide some estimates of the cost
of performing brute force attacks on a variety of
password strengths and key derivation functions.
|
|