Confirmed users
471
edits
Identity/CryptoIdeas/01-PBKDF-scrypt: Difference between revisions
→Updates / Discussion
| Line 279: | Line 279: | ||
* 01-May-2012: following Ben's advice, I'm updating this to remove email addresses from the Storage Server, instead indexing its storage with anonymous "account IDs", derived in the HKDF step along with the wrapping key and the SRP password. The only wrinkle is that we need to use a fixed SRP salt. | * 01-May-2012: following Ben's advice, I'm updating this to remove email addresses from the Storage Server, instead indexing its storage with anonymous "account IDs", derived in the HKDF step along with the wrapping key and the SRP password. The only wrinkle is that we need to use a fixed SRP salt. | ||
* 01-Mar-2012: bitcoin miners are moving to [https://plus.google.com/108313527900507320366/posts/2ztAhLnXQKm FPGAs], dropping the likely cost of dedicated SHA256 hashing by perhaps 10x. | * 01-Mar-2012: bitcoin miners are moving to [https://plus.google.com/108313527900507320366/posts/2ztAhLnXQKm FPGAs], dropping the likely cost of dedicated SHA256 hashing by perhaps 10x. | ||
* 15-May-2012: Stefan Arentz did some PBKDF benchmarking on mobile devices: https://wiki.mozilla.org/SJCL_PBKDF2_Benchmark . Looks like it takes 3ms/round on the slowest device (iPod Touch 2G), and .14ms/round on a Galaxy Tab (compared to more like 20us/round on a laptop). So we need to decide what the slowest device we'll support well, and use however many rounds 500ms takes on that machine. | |||