[Haskell-cafe] Password hashing
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Thu Oct 30 21:42:56 EDT 2008
On 2008 Oct 30, at 8:43, Martijn van Steenbergen wrote:
> roger peppe wrote:
>> if you're prepared to expend a few cpu cycles, you can always
>> use something like the following "beating clocks" algorithm, which
>> should generate
>> at least some genuine randomness, as long as you've got preemptive
>> scheduling, and a few hardware interrupts around the place.
>
> I was taught that using the scheduler to generate randomness is a
> pretty bad idea, because randomness is actually a *very* strong
> property to demand from a stream of bits, and a scheduler doesn't
> offer any such guarantees.
There's quite a body of research about cracking such schemes; note for
example that "hyperthreading" quietly dropped off the radar after
someone demonstrated they could snoop on any crypto algorithm running
in one hyperthread from the other.
In general, if you think you've come up with a good randomness or
encryption scheme on your own, back away from the keyboard and don't
come back until you're ready to use an existing well-understood scheme
--- even the experts make mistakes in this area, and most "neat" new
ideas" turn out to be trivially unraveled.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
More information about the Haskell-Cafe
mailing list