Overview of the Candidates for the Password Hashing Competition

And Their Resistance Against Garbage-Collector Attacks

  • Conference paper
Technology and Practice of Passwords (PASSWORDS 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9393)

Abstract

In this work we provide an overview of the candidates of the Password Hashing Competition (PHC) with regard to their functionality, e.g., client-independent update and server relief; their security, e.g., memory-hardness and side-channel resistance; and their general properties, e.g., memory usage and flexibility of the underlying primitives. Furthermore, we formally introduce two kinds of attacks, called Garbage-Collector and Weak Garbage-Collector Attacks, which exploit the memory management of a candidate. Note that we consider all candidates that have not yet been withdrawn from the competition.

C. Forler—The research leading to these results received funding from the Silicon Valley Community Foundation, under the Cisco Systems project Misuse Resistant Authenticated Encryption for Complex and Low-End Systems (MIRACLE).

Acknowledgement

Thanks to B. Cox, J. M. Gosney, D. Khovratovich, A. Peslyak, S. Schmidt, H. Wu, and all contributors to the PHC mailing list for providing us with valuable comments and fruitful discussions.

Correspondence to Jakob Wenzel.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Forler, C., List, E., Lucks, S., Wenzel, J. (2015). Overview of the Candidates for the Password Hashing Competition. In: Mjølsnes, S. (eds) Technology and Practice of Passwords. PASSWORDS 2014. Lecture Notes in Computer Science, vol 9393. Springer, Cham. https://doi.org/10.1007/978-3-319-24192-0_1

  • DOI: https://doi.org/10.1007/978-3-319-24192-0_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24191-3

  • Online ISBN: 978-3-319-24192-0

  • eBook Packages: Computer Science, Computer Science (R0)
