Password Hashing Competition - Survey and Benchmark

Password hashing is the common approach for maintaining users' password-related information that is later used for authentication. A hash for each password is calculated and maintained at the service provider end. When a user logins the service, the hash of the given pass- word is computed and contrasted with the stored hash. If the two hashes match, the authentication is successful. However, in many cases the pass- words are just hashed by a cryptographic hash function or even stored in clear. These poor password protection practises have lead to ecient attacks that expose the users' passwords. PBKDF2 is the only standard- ized construction for password hashing. Other widely used primitives are bcrypt and scrypt. The low variety of methods derive the international cryptographic community to conduct the Password Hashing Competi- tion (PHC). The competition aims to identify new password hashing schemes suitable for widespread adoption. It started in 2013 with 22 active submissions. Nine nalists are announced during 2014. In 2015, a small portfolio of schemes will be proposed. This paper provides the rst survey and benchmark analysis of the 22 proposals. All proposals are evaluated on the same platform over a common benchmark suite. We measure the execution time, code size and memory consumption of PBKDF2, bcrypt, scrypt, and the 22 PHC schemes. The rst round re- sults are summarized along with a benchmark analysis that is focused on the nine nalists and contributes to the nal selection of the winners.

[1]  Samuel Neves,et al.  BLAKE2: Simpler, Smaller, Fast as MD5 , 2013, ACNS.

[2]  John Kelsey,et al.  Recommendation for Random Number Generation Using Deterministic Random Bit Generators , 2014 .

[3]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[4]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[5]  Paul C. van Oorschot,et al.  Leveraging personal devices for stronger password authentication from untrusted computers , 2011, J. Comput. Secur..

[6]  David Mazières,et al.  A future-adaptive password scheme , 1999 .

[7]  Stefan Lucks,et al.  Overview of the Candidates for the Password Hashing Competition - And Their Resistance Against Garbage-Collector Attacks , 2014, PASSWORDS.

[8]  Pascal Junod,et al.  Characterization and Improvement of Time-Memory Trade-Off Based on Perfect Tables , 2008, TSEC.

[9]  Guomin Yang,et al.  Cross-domain password-based authenticated key exchange revisited , 2013, 2013 Proceedings IEEE INFOCOM.

[10]  Nigel J. Duffy,et al.  Connectionist Password Quality Tester , 2002, IEEE Trans. Knowl. Data Eng..

[11]  Simon Josefsson,et al.  The scrypt Password-Based Key Derivation Function , 2016, RFC.

[12]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[13]  Julie Thorpe,et al.  On predictive models and user-drawn graphical passwords , 2008, TSEC.

[14]  Dinakar Dhurjati,et al.  Memory safety without garbage collection for embedded applications , 2005, TECS.

[15]  Paul C. van Oorschot,et al.  On countering online dictionary attacks with login histories and humans-in-the-loop , 2006, TSEC.

[16]  Joseph Bonneau,et al.  Towards Reliable Storage of 56-bit Secrets in Human Memory , 2014, USENIX Security Symposium.

[17]  Alptekin Küpçü,et al.  Single password authentication , 2013, Comput. Networks.

[18]  Donggang Liu,et al.  Using Auxiliary Sensors for Pairwise Key Establishment in WSN , 2007, Networking.

[19]  Hung-Min Sun,et al.  oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks , 2012, IEEE Transactions on Information Forensics and Security.

[20]  Paul C. van Oorschot,et al.  An Administrator's Guide to Internet Password Research , 2014, LISA.

[21]  David Mazières,et al.  The Advanced Computing Systems Association a Future-adaptable Password Scheme a Future-adaptable Password Scheme , 2022 .

[22]  Stefan Lucks,et al.  The Catena Password-Scrambling Framework Submission to the Password Hashing Competition ( PHC ) , 2014 .

[23]  Gianluca Dini,et al.  LARK: A Lightweight Authenticated ReKeying Scheme for Clustered Wireless Sensor Networks , 2011, TECS.

[24]  Goutam Paul,et al.  RC4 Stream Cipher and Its Variants , 2011 .

[25]  Yehuda Lindell,et al.  A framework for password-based authenticated key exchange1 , 2006, TSEC.

[26]  Charalampos Manifavas,et al.  Lightweight Cryptography for Embedded Systems - A Comparative Analysis , 2013, DPM/SETOP.

[27]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[28]  Hilarie Orman Twelve Random Characters: Passwords in the Era of Massive Parallelism , 2013, IEEE Internet Computing.

[29]  Jae Wook Jeon,et al.  A reliable gateway for in-vehicle networks based on LIN, CAN, and FlexRay , 2012, TECS.

[30]  Burton S. Kaliski,et al.  PKCS #5: Password-Based Cryptography Specification Version 2.0 , 2000, RFC.

[31]  Colin Percival STRONGER KEY DERIVATION VIA SEQUENTIAL MEMORY-HARD FUNCTIONS , 2009 .

[32]  Stefan Lucks,et al.  Catena: A Memory-Consuming Password Scrambler , 2013, IACR Cryptol. ePrint Arch..

[33]  Yehuda Lindell,et al.  A Framework for Password-Based Authenticated Key Exchange , 2003, EUROCRYPT.

[34]  Daniel J. Bernstein,et al.  The Salsa20 Family of Stream Ciphers , 2008, The eSTREAM Finalists.

[35]  Rohit Chandra,et al.  Parallel programming in openMP , 2000 .