[Haskell-cafe] Password hashing

Brandon S. Allbery KF8NH allbery at ece.cmu.edu
Thu Oct 30 21:42:56 EDT 2008


On 2008 Oct 30, at 8:43, Martijn van Steenbergen wrote:
> roger peppe wrote:
>> if you're prepared to expend a few cpu cycles, you can always
>> use something like the following "beating clocks" algorithm, which
>> should generate
>> at least some genuine randomness, as long as you've got preemptive
>> scheduling, and a few hardware interrupts around the place.
>
> I was taught that using the scheduler to generate randomness is a  
> pretty bad idea, because randomness is actually a *very* strong  
> property to demand from a stream of bits, and a scheduler doesn't  
> offer any such guarantees.


There's quite a body of research about cracking such schemes; note for  
example that "hyperthreading" quietly dropped off the radar after  
someone demonstrated they could snoop on any crypto algorithm running  
in one hyperthread from the other.

In general, if you think you've come up with a good randomness or
encryption scheme on your own, back away from the keyboard and don't
come back until you're ready to use an existing well-understood scheme
--- even the experts make mistakes in this area, and most "neat new
ideas" turn out to be trivially unraveled.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH