A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Password Storage Using Public Key Encryption Author(s) : Robert Kisteleki Filename : draft-kistel-encrypted-password-storage-00.txt Pages : 5 Date : 2013-12-08 Abstract: Current password storage methods predominantly use cryptographic hash functions in order to avoid storing users' passwords in clear text. Unfortunately, recent advancements in hardware design (notably GPUs) allow an attacker to try millions or even billions of password guesses per second which makes "decryption" of simple passwords feasible in short amounts of time. This document describes a password storage scheme that incorporates public key encryption in order to slow down password verification. Since public key algorithms are several orders of magnitude slower than hash functions, the result makes it much harder for an attacker to discover users' passwords from the stored, encrypted format. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-kistel-encrypted-password-storage There's also a htmlized version available at: http://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
