Dammit, Bruce Schneier had a link this month to a password hashing competition, but I was too slow. the link is here: https://password-hashing.net/
In the meantime it occurs that one way to try and defeat GPU based cracking is to increase the complexity of the hashing process so that it's harder to pipeline the functions on the GPU.
One way to do that would be to have per user based iteration counts where the actual number of iterations is decided within the hashing process itself, by using different hashing algorithms and by re-introducing the salt at various points in the iteration process.
The hashing version would define the total iteration count and each of two hashing algorithms. V1 would use an iteration count i of 100000, SHA-512 and Whirlpool-512.
- Take the Password ' p ', gener ate a random salt, ' r '
- concatenate p and r .
- iterate p r through Algorithm 1 for 1000 iterations to arrive at h incrementing i each time
- take the last byte of h which is unpredicta ble but not random as x
- concatenate the salt with h to get hs
- iterate hs for x iteration s through Algorithm 2 increming i each time
- take the last bye of h which is unpredictable but not random as x
- concatenate the salt with h to get hs
- go back to Algorithm 1 unless the i is exceeded in which case h is the output hash
As part of the password test, the user has required to transmit the password. This would be a great time to change the salt! Yes, I mean it, so at the same time as we test the password, we also make a new hash from a new random salt. if the password test succeeded, we store the new salt and hash.
WTF? Why are we doing that? If attackers have regular access to our user table the passwords all change a LOT more frequently, so it's harder to tell who has really changed their password. The disbenefit is that users that log in rarely will be plainly obvious. An additional benefit if that if there is a need to move from V1 to V2, this will be done magically at next login.
Each concatentaion is a string function converting the 512 bit hash to a string and then adding another string to it.