[Haskell-cafe] Password hashing
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Thu Oct 30 21:47:03 EDT 2008
On 2008 Oct 30, at 9:12, roger peppe wrote:
> i'd be interested to know if you know of any studies on this.
> i know of at least one system that uses it as the basis for
> its crypto. superficially it's certainly an attractive method, with
> external dependencies, and, i'd have thought, at least a useful
> addition to just using the system time.
It turns out to be trivial to game randomness generated from scheduler
activations: just launch enough other CPU-using processes to max out
the scheduler and the search space gets *very* small.
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
More information about the Haskell-Cafe