Content deleted Content added
Citation bot (talk | contribs) m Alter: template type, pages. Add: year, doi, citeseerx. Removed parameters. Formatted dashes. | You can use this bot yourself. Report bugs here. | User-activated. |
Citation bot (talk | contribs) m Removed parameters. | You can use this bot yourself. Report bugs here. | User-activated. |
||
Line 40:
As any PHS, Lyra2 takes as input a [[salt (cryptography)|salt]] and a [[password]], creating a [[pseudorandomness|pseudorandom]] output that can then be used as key material for cryptographic algorithms or as an [[authentication protocol|authentication]] string.<ref>{{Cite journal|url=http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf|title=Recommendation for Key Derivation Using Pseudorandom Functions (Revised)|last=Chen|first=Lily|website=Computer Security|publisher=NIST|doi=10.6028/NIST.SP.800-108|year=2009}}</ref>
Internally, the scheme's memory is organized as a matrix that is expected to remain in memory during the whole password hashing process: since its cells are iteratively read and written, discarding a cell for saving memory leads to the need of recomputing it whenever it is accessed once again, until the point it was last modified.<ref name=":2">{{Cite journal|last=Andrade|first=E.|last2=Jr|first2=M. Simplicio|last3=Barreto|first3=P.|last4=Santos|first4=P.|date=2016-01-01|title=Lyra2: efficient password hashing with high security against time-memory trade-offs
The construction and visitation of the matrix is done using a stateful combination of the absorbing, squeezing and duplexing operations of the underlying [[Sponge function|sponge]] (i.e., its internal state is never reset to zero), ensuring the sequential nature of the whole process.
| |||