1999 USENIX Annual Technical Conference, June 6-11, 1999, Monterey, California, USA (original) (raw)

Paper - 1999 USENIX Annual Technical Conference, June 6-11, 1999, Monterey, California, USA [Technical Program]

A Future-Adaptable Password Scheme

Niels Provos and David Mazières {provos,dm}@openbsd.org The OpenBSD Project

Abstract:

Many authentication schemes depend on secret passwords. Unfortunately, the length and randomness of user-chosen passwords remain fixed over time. In contrast, hardware improvements constantly give attackers increasing computational power. As a result, password schemes such as the traditional UNIX user-authentication system are failing with time.

This paper discusses ways of building systems in which password security keeps up with hardware speeds. We formalize the properties desirable in a good password system, and show that the computational cost of any secure password scheme must increase as hardware improves. We present two algorithms with adaptable cost--eksblowfish, a block cipher with a purposefully expensive key schedule, and_bcrypt_, a related hash function. Failing a major breakthrough in complexity theory, these algorithms should allow password-based systems to adapt to hardware improvements and remain secure well into the future.

• Introduction
• Related Work
• Design criteria for password schemes
• Eksblowfish Algorithm
• Bcrypt Algorithm
  • Implementation
• Bcrypt Evaluation
  • Comparison
    * Traditional crypt
    * MD5 crypt
  • Attacks and Vulnerabilities
    * Salt Collisions
    * Precomputing Dictionaries
    * Algorithm Optimization
    * Hardware Improvements
• Conclusion
• Acknowledgments
• References
• About this document ...

Niels Provos and David Mazieres
4/28/1999