[cryptography] [Cryptography] TLS2

Wasa wasabee18 at gmail.com
Mon Sep 30 09:34:27 EDT 2013


On 30/09/13 10:47, Adam Back wrote:
> Well clearly passwords are bad and near the end of their life-time 
> with GPU
> advances, and even amplified password authenticated key exchanges like 
> EKE
> have a (so far) unavoidable design requirement to have the server store
> something offline grindable, which could be key stretched, but thats 
> it. PBKDF2 + current GPU or ASIC farms = game over for passwords. 
what about stronger pwd-based key exchange like SRP and JPAKE?
Passwords don't scale up and are very inconvenient, but are you sure 
your argument "PBKDF2 + current GPU or ASIC farms = game over for 
passwords" really holds? what about scrypt?
And theoretically, you can always increase the number of rounds in the 
hash... I refer to this link too: 
http://www.lightbluetouchpaper.org/2013/01/17/moores-law-wont-kill-passwords/

Looking forward to ur comments.




More information about the cryptography mailing list