[liberationtech] [cryptography] New Anonymity Network for Short Messages

Eugen Leitl eugen at
Wed Jun 12 06:25:33 PDT 2013

----- Forwarded message from Wasa <wasabee18 at> -----

Date: Wed, 12 Jun 2013 14:11:25 +0100
From: Wasa <wasabee18 at>
To: cryptography at
CC: Eugen Leitl <eugen at>
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

On 11/06/13 20:06, Eugen Leitl wrote:
> Use a timing-independent array
> comparison.
> It's an easy fix. I've made the same mistake before, which is why I always
> look for it now.
The page says "Usually it's not, but if these were passwords instead
of cryptographic values, it would be better to hash them with PBKDF2
or bcrypt instead of working with them directly."
If you are indeed comparing passwords through their
hashed/bcrypt'ed/pbkdf2'ed representations, you would now leak info
about whether or not those representations match. You have essentially
shifted the problem to their hashes. I don't believe this is enough.

If users have simple passwords, this theoretically allows someone to
brute-force passwords offline once attackers know the
hashed/bcrypt'ed/pbkdf2'ed representation (leaked through the side
channel mentioned above, e.g. timing). Yes, it is better than plain-text
passwords but not bulletproof. Let H be the representation of the
password using an (iterative) hash; then wouldn't it be better to
compare H(N,The_pwd) and H(N,attempt_pwd), where N is picked randomly
each time the comparison is performed?
This way, every time you compare pwds, the H representation changes,
and you cannot do offline brute force search.

BTW, scrypt is also better than bcrypt/pbkdf2 against pwd cracking.

----- End forwarded message -----
Eugen* Leitl leitl
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
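
Added example, not part of the original thread: one way to implement the comparison proposed in the forwarded message, where both values are re-hashed under a nonce N picked fresh for every comparison. It assumes the stored representation is PBKDF2-HMAC-SHA256 and that H(N, x) is realised as HMAC-SHA256 keyed with N; the function names, iteration count and sample salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Stored representation: PBKDF2-HMAC-SHA256 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def blind(value: bytes, nonce: bytes) -> bytes:
    """H(N, value): HMAC-SHA256 keyed with the per-comparison nonce N."""
    return hmac.new(nonce, value, hashlib.sha256).digest()


def matching_prefix(a: bytes, b: bytes) -> int:
    """Leading bytes that agree, i.e. what an early-exit compare leaks."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def verify(stored: bytes, salt: bytes, attempt: str) -> bool:
    """Compare H(N, stored) with H(N, derive(attempt)) under a fresh N."""
    nonce = os.urandom(32)  # N, never reused across comparisons
    a = blind(stored, nonce)
    b = blind(derive(attempt, salt), nonce)
    # Timing-independent compare; the blinding is defence in depth, so
    # any residual leak describes a value that changes on every call.
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    salt = bytes(16)  # constructed sample salt; use os.urandom(16) in practice
    stored = derive("correct horse", salt)
    print(verify(stored, salt, "correct horse"), verify(stored, salt, "guess"))
    # The blinded form of the same stored hash differs per comparison,
    # so a leaked prefix from one call says nothing about the next.
    t1 = blind(stored, os.urandom(32))
    t2 = blind(stored, os.urandom(32))
    print(matching_prefix(t1, t2), "matching leading bytes between two blindings")
```
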
