[cryptography] PBKDF2 + current GPU or ASIC farms = game over for passwords (Re: TLS2)
iang at iang.org
Tue Oct 1 05:16:20 EDT 2013
On 1/10/13 11:56 AM, ianG wrote:
> On 1/10/13 05:00 AM, dan at geer.org wrote:
>> >Well clearly passwords are bad and near the end of their life-time
>> >GPU advances, and even amplified password authenticated key
>> exchanges like
>> >EKE have a (so far) unavoidable design requirement to have the server
>> >store something offline grindable, which could be key stretched,
>> but thats
>> >it. PBKDF2 + current GPU or ASIC farms = game over for passwords.
>> Before discarding passwords as yesterday's fish, glance at this:
> I think the takeaway from this password debate (for me) is that any
> requirements listed for a TLS2 should be something like:
> "Integrates well with current and future authentication methods."
> (and leave the contenders to duke it out...)
Which leaves open the question (in my mind) as to whether to require this:
"Both end points must authenticate each other."
More information about the cryptography