[cryptography] replacing passwords with keys is not so hard (Re: PBKDF2 + current GPU or ASIC farms = game over for passwords)

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Oct 1 17:35:34 EDT 2013

On 10/01/2013 10:12 AM, Adam Back wrote:

> its impolite to point at your own designs 

Heh, I guess its ok to pile on so:-)

HOBA [1,2] is our similar idea. More focused on lower assurance
settings for now at least, on the basis that those passwords are
arguably more likely to leak and on being a straight drop-in
replacement a site can do all by themselves.

But the goal of getting rid of crappy passwords is the same and
is laudable mostly regardless of the scheme specifics.


[1] https://tools.ietf.org/html/draft-ietf-httpauth-hoba
[2] https://hoaba.ie/

More information about the cryptography mailing list