I'm considering using SCRYPT for password storage. (I'm open to PBKDF2 as well
Question
I'm considering using SCRYPT for password storage. (I'm open to PBKDF2 as well, or bcrypt by itself).
The issue is that I don't want this to become a potential point for a DDOS attack, given the overhead of the actual computation.
I was thinking something VERY weak with a lot of collisions as a sanity check first (like CRC8) against the SALT+PASSPHRASE might be a good idea. (then using a wait before returning the failure to guard against timing attack).
This assumes a minimum length of 8, with a 3 of 4 requirement for:
- Uppercase Alpha
- Lowercase Alpha
- Number
- Non Alpha-numeric
How much would this actually reduce the effectiveness of SCRYPT in a brute force attack should data be compromised?
Explanation / Answer
You shouldn't mess with the algorithm like this. I can't think about what the impact of this method is but it does scream insecurity. At the very least, it would allow an attacker to move roughly 256 times as fast since CRC is a relatively simple math function and then of course faster on the database part. You're a few whiteboard coding exercises away from somebody dumping all your passwords if they get DB access.
Instead, issue a token using a cheap function that is rate-limited per client address or client address prefix and require that token with the username and password. That will allow you to rate limit how often you perform the expensive password checking process.
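A sketch of the token gate the answer describes, added here as an example and not code from the original post: a cheap HMAC-signed token is issued under a per-prefix budget, and scrypt runs only when a valid, unexpired, unspent token accompanies the login. The function names, the limits, the /24 and /64 prefixes, the scrypt parameters and the in-memory state are all assumptions.

```python
import hashlib, hmac, ipaddress, os, time
from collections import defaultdict

SECRET = os.urandom(32)                     # server-side HMAC key (assumed per-process)
TOKEN_TTL, WINDOW, MAX_TOKENS = 60, 60, 5   # assumed limits, tune per site
_issued = defaultdict(list)                 # prefix -> issue times inside the window
_used = set()                               # tokens already spent (single use)
stats = {"scrypt_calls": 0}                 # instrumentation for the demo

def prefix(ip):
    """Rate-limit key: /24 for IPv4, /64 for IPv6 (assumed granularity)."""
    bits = 24 if ipaddress.ip_address(ip).version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(ip, now=None):
    """Cheap step: one HMAC, refused once the prefix has used its budget."""
    now = time.time() if now is None else now
    p = prefix(ip)
    _issued[p] = [t for t in _issued[p] if now - t < WINDOW]
    if len(_issued[p]) >= MAX_TOKENS:
        return None
    _issued[p].append(now)
    body = f"{p}|{int(now) + TOKEN_TTL}|{os.urandom(8).hex()}"
    return f"{body}|{_mac(body)}"

def hash_password(password, salt):
    stats["scrypt_calls"] += 1
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def check_login(ip, token, password, salt, stored, now=None):
    """Expensive step: scrypt is reached only after the token checks pass."""
    now = time.time() if now is None else now
    body, _, mac = (token or "").rpartition("|")
    if token in _used or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return False                        # forged, missing or replayed token
    p, expiry, _nonce = body.split("|")
    if p != prefix(ip) or now > int(expiry):
        return False                        # wrong client prefix or expired
    _used.add(token)                        # spend the token before the costly work
    return hmac.compare_digest(hash_password(password, salt), stored)
```

The stored hash stays a plain scrypt output, so nothing weaker than scrypt is kept alongside it for an attacker with database access to test guesses against.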