The Password Hashing Competition: Motivation, Challenges, and Organization
Date: July 2013
Publication: Passwords13 Las Vegas
Source: Currently no known Internet copy of paper.
Abstract or Summary:
The Password Hashing Competition gathers the leading experts from the password cracking scene, as well as cryptographers and software engineers from academia, as well as NIST, to develop the password hashing methods of the future.
Passwords are hashed everywhere: operating systems, smartphones, web services, disk encryption tools, etc. Hashing passwords mitigates the impact of a compromised database by forcing attackers to brute force passwords. Brute force is easier when the hash function is not "salted", fast to evaluate, and easy to implement as multiple parallel instances on GPUs or multi-core systems.
However, existing solutions are not satisfactory, and the huge majority of systems relies on weak hashes (cf. leaks from Sony, LinkedIn, or more recently Evernote). After a brief introduction of the problem and previous solution attempts, this talk presents a roadmap towards new improved hashing methods, as desired by a number of parties (from industry and standardization organizations).
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=jpyElti7lG8
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.