On Password Guessing with GPUs and FPGAs
Author(s): Markus Dürmuth, Thorsten Kranz

Date: December 2014
Publication: 8th International Conference on Passwords (Passwords14 Norway). Lecture Notes in Computer Science, Volume 9393
Page(s): 19 - 38
Publisher: Springer
Source 1: https://www.emsec.rub.de/media/mobsec/veroeffentlichungen/2015/04/02/duermuth-2014-password-guessing.pdf
Source 2: http://dx.doi.org/10.1007/978-3-319-24192-0_2 - Subscription or payment required

Passwords are still by far the most widely used form of user authentication, for applications ranging from online banking or corporate network access to storage encryption. Password guessing thus poses a serious threat for a multitude of applications. Modern password hashes are specifically designed to slow down guessing attacks. However, having exact measures for the rate of password guessing against determined attackers is non-trivial but important for evaluating the security for many systems. Moreover, such information may be valuable for designing new password hashes, such as in the ongoing password hashing competition (PHC).

In this work, we investigate two popular password hashes, bcrypt and scrypt, with respect to implementations on non-standard computing platforms. Both functions were specifically designed to only allow slow-rate password derivation and, thus, guessing rates. We develop a methodology for fairly comparing different implementations of password hashes, and apply this methodology to our own implementation of scrypt on GPUs, as well as existing implementations of bcrypt and scrypt on GPUs and FPGAs.

PasswordResearch.com Note: Video of presentation available: https://video.adm.ntnu.no/pres/5499318fcce2c

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com