eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.
You are looking at a specific version 20131007:115015 of this paper. See the latest version.

Paper 2013/525

Catena: A Memory-Consuming Password Scrambler

Christian Forler and Stefan Lucks and Jakob Wenzel

Abstract

It is a common wisdom that servers should better store the one-way hash of their clients’ passwords, rather than storing the password in the clear. This paper introduces Catena, a new one-way function for that purpose. Catena is memory-hard, which can hinder massively parallel attacks on cheap memory-constrained hardware, such as recent “graphical processing units”, GPUs. Furthermore, Catena has been designed to resist cache-timing attacks. This distinguishes Catena from scrypt, which may be sequentially memory-hard, but which we show to be vulnerable to cache-timing attacks. Additionally, Catena supports (1) client-independent updates (the server can increase the security parameters and update the password hash without user interaction or knowing the password), (2) a server relief protocol (saving the server’s resources at the cost of the client), and (3) a variant Catena-KG for secure key derivation (to securely generate many cryptographic keys of arbitrary lengths such that compromising some keys does not help to break others).

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
passwordmemory-hardcache-timing attackpebble game
Contact author(s)
christian forler @ uni-weimar de
stefan lucks @ uni-weimar de
jakob wenzel @ uni-weimar de
History
2016-12-12: last of 12 revisions
2013-08-30: received
See all versions
Short URL
https://ia.cr/2013/525
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.