The Password Hashing Competition: Motivation, Challenges, and Organization

Passwords13 Las Vegas

Presented by: Jean-Philippe Aumasson (veorq)
Date: Tuesday July 30, 2013
Time: 16:30 - 16:50
Location: Main Room
Track: Passwords13

The Password Hashing Competition gathers the leading experts from the password cracking scene, as well as cryptographers and software engineers from academia, as well as NIST, to develop the password hashing methods of the future.

Passwords are hashed everywhere: operating systems, smartphones, web services, disk encryption tools, etc. Hashing passwords mitigates the impact of a compromised database by forcing attackers to brute force passwords. Brute force is easier when the hash function is not "salted", fast to evaluate, and easy to implement as multiple parallel instances on GPUs or multi-core systems.

However, existing solutions are not satisfactory, and the huge majority of systems relies on weak hashes (cf. leaks from Sony, LinkedIn, or more recently Evernote). After a brief introduction of the problem and previous solution attempts, this talk presents a roadmap towards new improved hashing methods, as desired by a number of parties (from industry and standardization organizations).

Jean-Philippe Aumasson

Jean-Philippe Aumasson, aka veorq, is Swiss cryptographer currently employed by Kudelski Security. He is best known for designing the SHA-3 finalist BLAKE and SipHash (used in OpenDNS, Perl, Ruby, etc.) Recently, he initiated the Cryptography Coding Standard and the Password Hashing Competition. Some say that he's terrified of ducks, and that there's an airport in Russia named after him.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats