Skip to main content
Top
Published in:
Cover of the book

2015 | OriginalPaper | Chapter

Overview of the Candidates for the Password Hashing Competition

And Their Resistance Against Garbage-Collector Attacks

Authors : Christian Forler, Eik List, Stefan Lucks, Jakob Wenzel

Published in: Technology and Practice of Passwords

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

In this work we provide an overview of the candidates of the Password Hashing Competition (PHC) regarding to their functionality, e.g., client-independent update and server relief, their security, e.g., memory-hardness and side-channel resistance, and its general properties, e.g., memory usage and flexibility of the underlying primitives. Furthermore, we formally introduce two kinds of attacks, called Garbage-Collector and Weak Garbage-Collector Attack, exploiting the memory management of a candidate. Note that we consider all candidates which are not yet withdrawn from the competition.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literature
1.
go back to reference Aciiçmez, O.: Yet another microarchitectural attack:: exploiting I-Cache. In: Proceedings of the 2007 ACM workshop on Computer Security Architecture, CSAW 2007, 2 November 2007, Fairfax, VA, USA, pp.11–18 (2007) Aciiçmez, O.: Yet another microarchitectural attack:: exploiting I-Cache. In: Proceedings of the 2007 ACM workshop on Computer Security Architecture, CSAW 2007, 2 November 2007, Fairfax, VA, USA, pp.11–18 (2007)
2.
go back to reference Acıiçmez, O., Brumley, B.B., Grabher, P.: New results on instruction cache attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 110–124. Springer, Heidelberg (2010) CrossRef Acıiçmez, O., Brumley, B.B., Grabher, P.: New results on instruction cache attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 110–124. Springer, Heidelberg (2010) CrossRef
3.
go back to reference Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: On the power of simple branch prediction analysis. IACR Cryptology ePrint Archive, 2006:351 (2006) Aciiçmez, O., Koç, Ç.K., Seifert, J.-P.: On the power of simple branch prediction analysis. IACR Cryptology ePrint Archive, 2006:351 (2006)
4.
go back to reference Aciiçmez, O., Seifert, J.-P.: Cheap hardware parallelism implies cheap security. In: Fourth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2007, FDTC 2007: Vienna, Austria, 10 September 2007, pp. 80–91 (2007) Aciiçmez, O., Seifert, J.-P.: Cheap hardware parallelism implies cheap security. In: Fourth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2007, FDTC 2007: Vienna, Austria, 10 September 2007, pp. 80–91 (2007)
6.
go back to reference Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the Sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012) CrossRef Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the Sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012) CrossRef
8.
go back to reference Blaze, M.: Efficient Symmetric-Key Ciphers Based on an NP-Complete Subproblem (1996) Blaze, M.: Efficient Symmetric-Key Ciphers Based on an NP-Complete Subproblem (1996)
19.
go back to reference Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA, pp. 490–505 (2011) Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA, pp. 490–505 (2011)
21.
go back to reference Kaliski, B.: RFC 2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0. Technical report, IETF (2000) Kaliski, B.: RFC 2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0. Technical report, IETF (2000)
25.
go back to reference Percival, C.: Cache missing for fun and profit. In: Proceedings of BSDCan 2005 (2005) Percival, C.: Cache missing for fun and profit. In: Proceedings of BSDCan 2005 (2005)
26.
go back to reference Percival, C.: Stronger Key Derivation via Sequential Memory-Hard Functions. Presented at BSDCan 2009, May 2009 (2009) Percival, C.: Stronger Key Derivation via Sequential Memory-Hard Functions. Presented at BSDCan 2009, May 2009 (2009)
30.
go back to reference Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, 9–13 November 2009, Chicago, Illinois, USA, pp. 199–212 (2009) Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, 9–13 November 2009, Chicago, Illinois, USA, pp. 199–212 (2009)
37.
go back to reference Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: the ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 305–316 (2012) Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: the ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 305–316 (2012)
Metadata
Title
Overview of the Candidates for the Password Hashing Competition
Authors
Christian Forler
Eik List
Stefan Lucks
Jakob Wenzel
Copyright Year
2015
DOI
https://doi.org/10.1007/978-3-319-24192-0_1

Premium Partner