Abstract
We propose two practical and provably secure password hashing algorithms, Pleco and Plectron. They are built upon well-understood cryptographic algorithms, and combine advantages of symmetric and asymmetric primitives. By employing the Rabin cryptosystem, we prove that the one-wayness of Pleco is at least as strong as the hard problem of integer factorization. In addition, both password hashing algorithms are designed to be sequential memory-hard, in order to thwart large-scale password cracking by parallel hardware, such as GPUs, FPGAs, and ASICs. Moreover, the total computation and memory consumptions of Pleco and Plectron are tunable through their cost parameters.
Type
Publication
The 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015)
