[Haskell-cafe] Password hashing

Brandon S. Allbery KF8NH allbery at ece.cmu.edu
Thu Oct 30 21:47:03 EDT 2008


On 2008 Oct 30, at 9:12, roger peppe wrote:
> i'd be interested to know if you know of any studies on this.
>
> i know of at least one system that uses it as the basis for
> its crypto. superficially it's certainly an attractive method, with  
> minimal
> external dependencies, and, i'd have thought, at least a useful
> addition to just using the system time.

It turns out to be trivial to game randomness generated from scheduler  
activations:  just launch enough other CPU-using processes to max out  
the scheduler and the search space gets *very* small.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH




More information about the Haskell-Cafe mailing list