yescrypt: large-scale password hashing

These are the slides on yescrypt that we used at BSidesLjubljana 2017. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC 2012), New developments in password hashing: ROM-port-hard functions (ZeroNights 2012), and yescrypt: password hashing scalable beyond bcrypt and scrypt (PHDays 2014), so you might want to check those out as well. Also relevant is our presentation on Energy-efficient bcrypt cracking (Passwords^14).

This presentation frames password hash cracking as largely a problem of cost amortization, and password hashing, in turn, as the problem of designing schemes that are affordably costly and amortization-resistant. In this context, it gives the rationale for both scrypt's sequential memory-hard hashing and yescrypt's numerous additions to it. Finally, it demonstrates the application of yescrypt to mass user authentication.

Please click on the slides for higher-resolution versions. You may also download a PDF file with all of the slides (24 MB) or watch or download a video of the talk via links off the conference website.
