Catena: A Memory-Consuming Password Scrambler
Authors
Abstract
It is a common wisdom that servers should better store the one-way hash of their clients’ passwords, rather than storing the password in the clear. This paper introduces Catena, a new one-way function for that purpose. Catena is memory-hard, which can hinder massively parallel attacks on cheap memory-constrained hardware, such as recent “graphical processing units”, GPUs. Furthermore, Catena has been designed to resist cache-timing attacks. This distinguishes Catena from scrypt, which may be sequentially memory-hard, but which we show to be vulnerable to cache-timing attacks. Additionally, Catena supports (1) client-independent updates (the server can increase the security parameters and update the password hash without user interaction or knowing the password), (2) a server relief protocol (saving the server’s resources at the cost of the client), and (3) a variant Catena-KG for secure key derivation (to securely generate many cryptographic keys of arbitrary lengths such that compromising some keys does not help to break others).
Similar resources
Catena: A Memory-Consuming Password-Scrambling Framework
It is a common wisdom that servers should store the one-way hash of their clients’ passwords, rather than storing the password in the clear. In this paper we introduce a set of functional properties a key-derivation function (password scrambler) should have. Unfortunately, none of the existing algorithms satisfies our requirements and therefore, we introduce a novel and provably secure password...
Memory-Demanding Password Scrambling
Most of the common password scramblers hinder password-guessing attacks by “key stretching”, e.g., by iterating a cryptographic hash function many times. With the increasing availability of cheap and massively parallel off-the-shelf hardware, iterating a hash function becomes less and less useful. To defend against attacks based on such hardware, one can exploit their limitations regarding to th...
Cryptanalytic Time-Memory Tradeoff for Password Hashing Schemes
A cryptanalytic technique known as time-memory tradeoff (TMTO) was proposed by Hellman for finding the secret key of a block cipher. This technique allows sharing the effort of key search between the two extremes of exhaustively enumerating all keys versus listing all possible ciphertext mappings produced by a given plaintext (i.e. table lookups). The TMTO technique has also been used as an eff...
Tradeoff Cryptanalysis of Memory-Hard Functions
We explore time-memory and other tradeoffs for memory-hard functions, which are supposed to impose significant computational and time penalties if less memory is used than intended. We analyze three finalists of the Password Hashing Competition: Catena, which was presented at Asiacrypt 2014, yescrypt and Lyra2. We demonstrate that Catena’s proof of tradeoff resilience is flawed, and attack it w...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2013 Issue
Pages -
Publication date 2013