[cryptography] PBKDF2 + current GPU or ASIC farms = game over for passwords (Re: TLS2)

dan at geer.org dan at geer.org
Mon Sep 30 22:00:12 EDT 2013


 >Well clearly passwords are bad and near the end of their life-time with
 >GPU advances, and even amplified password authenticated key exchanges like
 >EKE have a (so far) unavoidable design requirement to have the server
 >store something offline grindable, which could be key stretched, but that's
 >it.  PBKDF2 + current GPU or ASIC farms = game over for passwords.

Before discarding passwords as yesterday's fish, glance at this:

http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth

--dan


