Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cryptographers Aim to Find New Password Hashing Algorithm

Trailrunner7 (1100399) writes | about a year and a half ago

Encryption 0

Trailrunner7 (1100399) writes "Passwords are the keys to our online identities, and as a result, they're also near the top of the target list for attackers. There have been countless breaches in the last few years in which unencrypted passwords have been stolen from a database and leaked online, and security experts often shake their heads at the lack of use of encryption or even hashing for passwords. Now, a group of cryptographers is sponsoring a competition to come up with a new password hash algorithm to help improve the state of the art.

Hashing algorithms are used to secure passwords by taking the plaintext password, passing it through the cryptographic hash algorithm, and then storing the resulting digest, rather than the plaintext password itself. That way, if attackers are able to compromise the database of passwords, what they get are the hashes and not the actual passwords.

However, the algorithms used to hash passwords in most cases are functions such as SHA-1 and MD5, which have known weaknesses that open them up to brute-force attacks. So if an attacker is able to access a database of hashed passwords, he may be able to crack them, given enough time and compute power. When these algorithms were designed years ago, the hardware needed to crack a hash produced by one of them was not commonly available. But now, powerful GPUs and FPGAs are widely available and can be used by an attacker to crack hashes relatively quickly.

"Password hashing is important because it's where we have a problem. NIST has given us some great standard hashing algorithms. The problem is that these hashes aren't necessarily designed for the specific problem of password hashing — where you need something that's fast enough to hash on a server at login time, but slow enough that a GPU can't crack ten million of them," Green said."

Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>