Password Hashes, Again

Vlad Dascalu vladd at
Mon Apr 16 12:12:30 UTC 2012

> Of course, this will change as effects/etc GPU's are used for become
> ever more complex.
> I wouldn't expect this particular limitation to last for very long.
> It was only a short time ago that GPU's basically had *no* local ram.

Due to paralelization, it's much more expensive for them to match our
RAM requirements: There's nothing which prevents us from implementing
a hash computation algorithm requiring 20 MB of addressable RAM for
each login procedure, and this would be a show-stopper for most
attackers as they cannot afford that much RAM per individual worker.

More information about the developers mailing list