There are many ways of generating keys from a password being used in the world. Unfortunately most of them are insecure and weak. Typical problems is using unsalted cryptographic hash functions such as MD5 or SHA-1. This opens up to precomputation based attacks called rainbow attacks. There are even web service and bots on Twitter that can find the password for you:
There are couple of standard, most notably PBKDF#2 as specified in RFC 2898. One algorithm often pointed to is bcrypt based on the Blowfish block cipher. Bcrypt provides good resistance to rainbow attacks, but can also scale computationally wise to mitigare increasing computation power. But bcrypt does not have a mechanism for handling compute-memory tradeoffs. The Scrypt algorithm is a later development that provides the ability not only to brute force computation requirements, but also memory requirements.
So basically we have three algorithms of which only one provides strong resistance against large scale hardware based attacks.
In order to improve the situation, and also better support a wider array of applications, for example web services, PIN authentication on mobile devices, key derivation for full disk encryption, or private keys encryption, a group of cryptographers started the Password Hashing Competition (PHC). PHC was started in 2014 with a call for submissions. A total of 24 candidates was submitted. From the candidates nine candidates have now been selected: Argon, battcrypt, Catena, Lyra2, Makwa, Parallel, POMELO, Pufferfish and yescrypt.
Criteria used during evaluation has been:
- Defense against GPU/FPGA/ASIC attackers
- Defense against time-memory tradeoffs
- Defense against side-channel leaks
- Defense against cryptanalytic attacks
- Elegance and simplicity of design
- Quality of the documentation
- Quality of the reference implementation
- General soundness and simplicity of the algorithm
- Originality and innovation
The candidate evaluation report gives a good presentation of the nine finalists and the candidates that didn't make it to the final. The next step in PHC is to select one or more finalist as recommended algorithms. This selection is to be done in Q2 2015. We at Assured follow the PHC and look forward to the final algorithms.