How to Use Adaptive Hashes Without Making Yourself Vulnerable to DoS Attacks

Offered By: LASCON via YouTube

Tags

LASCON Courses, Threat Modeling Courses, Password Security Courses

Course Description

Overview

Learn how to implement adaptive hashing functions for password protection without exposing your system to Denial of Service (DoS) attacks in this 51-minute conference talk from LASCON 2014. Explore the challenges of securing hashed passwords against theft and brute-force attacks while maintaining system performance. Discover a novel solution that uses a proof-of-work scheme to separate DoS protection from password protection, minimizing authentication delays for users. Analyze relevant attack vectors through threat modeling, compare secure design alternatives, and address key questions about client-side hashing and salt management. Gain specific guidance for developers on implementing adaptive hashing securely while mitigating DoS vulnerabilities.

Syllabus

2014 - How to use adaptive hashes without making yourself vulnerable to DoS attacks - Amit Sethi


Taught by

LASCON
