Abstract
In this work we provide an overview of the candidates of the Password Hashing Competition (PHC) with regard to their functionality, e.g., client-independent update and server relief, their security, e.g., memory-hardness and side-channel resistance, and their general properties, e.g., memory usage and flexibility of the underlying primitives. Furthermore, we formally introduce two kinds of attacks, called the Garbage-Collector and Weak Garbage-Collector Attacks, which exploit the memory management of a candidate. Note that we consider all candidates that have not yet been withdrawn from the competition.
C. Forler—The research leading to these results received funding from the Silicon Valley Community Foundation, under the Cisco Systems project Misuse Resistant Authenticated Encryption for Complex and Low-End Systems (MIRACLE).
Acknowledgement
Thanks to B. Cox, J. M. Gosney, D. Khovratovich, A. Peslyak, S. Schmidt, H. Wu, and all contributors to the PHC mailing list for providing us with valuable comments and fruitful discussions.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Forler, C., List, E., Lucks, S., Wenzel, J. (2015). Overview of the Candidates for the Password Hashing Competition. In: Mjølsnes, S. (eds) Technology and Practice of Passwords. PASSWORDS 2014. Lecture Notes in Computer Science, vol 9393. Springer, Cham. https://doi.org/10.1007/978-3-319-24192-0_1
DOI: https://doi.org/10.1007/978-3-319-24192-0_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24191-3
Online ISBN: 978-3-319-24192-0
eBook Packages: Computer Science (R0)