SHA-3 is KECCAK

Uranuz neuranuz at gmail.com
Mon Jan 27 01:08:03 PST 2014


Thanks for the responses. I considered using scrypt for now, because 
as described it's harder to hack it with brute force using GPU, 
ASIC, FPGA than bcrypt. But it has some limitations too. I've 
tried to tweak it to use more memory and less computation time 
but failed. Another question for me is how I would support this 
type of password authentication. After some years computation 
power will grow and I will need to modify my hashed keys stored 
in the DB to adequately resist this. So I need some protocol where 
some parameters could be tweaked, so I'll be able to "rehash" or make 
some additional iterations with existing password hashes with no 
need to disturb users with "we have some security updates and ask 
users to change their passwords". So this part of the reply is 
interesting for me from the described point of view.

> Consider using AES256 poorly:
> 1. Take any password
> 2. hash it with MD5
> 3. Use that hash as the key (pad the extra bits with 0s) to 
> encrypt something using AES256 in ECB mode

I need a kind of function with these properties:
   KDF(passwd, salt, jobFactor1)
   KDF(passwd, salt, jobFactor2)
   where jobFactor1 is the initial number representing the amount of work 
needed to calculate the hash, and jobFactor2 ( > jobFactor1 ) is the 
index that will be actual in the future.
   For old hashes I would do something like this:
   KDF_diff(KDF_old, jobFactor2 - jobFactor1)
   But for new users (or for users that want to change their password) 
I will call the original KDF(passwd, salt, jobFactor2) with the new job 
factor. Also suitable would be an implementation where KDF_diff is the 
same as KDF and is simply used as KDF(KDF_old, salt, jobFactor2 - 
jobFactor1). It can be simply achieved by using some SHA2, SHA3, 
MD5 or other hash function used in a cycle. But I want to believe 
that some other elegant solution exists in combination with a 
memory-hard function like scrypt.

Also I found some info about new Key Derivation Functions. But it 
seems that they are not checked enough for security and do not have 
enough tested implementations.
http://lyra-kdf.net/
http://eprint.iacr.org/2013/525.pdf

Also I found site about password hashing functions competition. 
It will be interesting to read what D community thinks about it.
https://password-hashing.net/faq.html
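The two constructions the post asks about, as an added example that is not part of the original message or of any D library: a plain iterated hash chain that really does satisfy KDF(passwd, salt, j1 + j2) == KDF_diff(KDF(passwd, salt, j1), salt, j2), and, since scrypt itself cannot be "continued", the usual practical workaround of wrapping an existing scrypt hash in a further scrypt layer with a larger cost and storing the list of layer costs beside the hash. All function names (`kdf_chain`, `extend_chain`, `scrypt_layer`, `upgrade`, `verify`), the `StoredHash` record format, and the sample password and salt are this example's own assumptions; it uses Python's standard `hashlib` and `hmac` modules only.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the mailing-list post). Names and record format
# below are this example's own; the sample inputs in __main__ are constructed.

# --- Part 1: a continuable hash chain ---------------------------------------
# Each round depends only on the previous output and the salt, so running
# j1 rounds now and j2 rounds later equals running j1 + j2 rounds at once.
# Caveat: this chain is CPU-bound only; it is not memory-hard like scrypt.

def extend_chain(state: bytes, salt: bytes, extra_iterations: int) -> bytes:
    """Apply extra_iterations more HMAC-SHA-256 rounds to an existing chain state."""
    for _ in range(extra_iterations):
        state = hmac.new(salt, state, hashlib.sha256).digest()
    return state

def kdf_chain(password: bytes, salt: bytes, job_factor: int) -> bytes:
    """Start the chain from the password and run job_factor rounds."""
    state = hmac.new(salt, password, hashlib.sha256).digest()
    return extend_chain(state, salt, job_factor)

# --- Part 2: layered scrypt upgrade -----------------------------------------
# scrypt output cannot be extended, so an old record is upgraded by feeding
# its stored hash into another scrypt call with a larger N. Verification
# recomputes every layer in order from the password.

SCRYPT_R, SCRYPT_P, DKLEN = 8, 1, 32   # memory per layer = 128 * r * N bytes

def scrypt_layer(data: bytes, salt: bytes, log_n: int) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=1 << log_n,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)

@dataclass
class StoredHash:
    salt: bytes
    layers: List[int]   # log2(N) of each scrypt layer, applied in this order
    digest: bytes

def create(password: bytes, log_n: int, salt: Optional[bytes] = None) -> StoredHash:
    """New user or password change: a single layer at the current cost."""
    salt = salt if salt is not None else os.urandom(16)
    return StoredHash(salt, [log_n], scrypt_layer(password, salt, log_n))

def upgrade(stored: StoredHash, new_log_n: int) -> StoredHash:
    """Raise the work factor of an existing record without knowing the password."""
    if new_log_n <= max(stored.layers):
        raise ValueError("new cost must exceed the existing cost")
    return StoredHash(stored.salt, stored.layers + [new_log_n],
                      scrypt_layer(stored.digest, stored.salt, new_log_n))

def verify(stored: StoredHash, password: bytes) -> bool:
    """Recompute all layers from the password; constant-time final compare."""
    state = password
    for log_n in stored.layers:
        state = scrypt_layer(state, stored.salt, log_n)
    return hmac.compare_digest(state, stored.digest)

def serialize(stored: StoredHash) -> str:
    """Record format (this example's own): scrypt$<log_n,...>$<salt hex>$<hash hex>."""
    return "scrypt$%s$%s$%s" % (",".join(str(x) for x in stored.layers),
                                stored.salt.hex(), stored.digest.hex())

def parse(record: str) -> StoredHash:
    scheme, layers, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unknown scheme: " + scheme)
    return StoredHash(bytes.fromhex(salt_hex),
                      [int(x) for x in layers.split(",")],
                      bytes.fromhex(digest_hex))

if __name__ == "__main__":
    pw, salt = b"correct horse battery staple", bytes(16)   # constructed sample
    # Chain property: 300 rounds now + 700 later == 1000 rounds at once.
    assert kdf_chain(pw, salt, 1000) == extend_chain(kdf_chain(pw, salt, 300), salt, 700)
    # Layered scrypt: record made at N=2^10, upgraded to N=2^12 without the password.
    rec = upgrade(create(pw, 10, salt), 12)
    print(serialize(rec))
    print("verify:", verify(parse(serialize(rec)), pw), verify(rec, b"wrong"))
```

The cost of verifying a layered record is the sum of all its layers, so once a user logs in again the application should replace the record with a fresh single-layer `create(password, new_log_n)`; layering is only the bridge for accounts that have not authenticated since the cost was raised.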

