[Cryptography] Why don't we protect passwords properly?

[Krisztián Pintér]

Bill Frantz (at Thursday, December 26, 2013, 3:25:57 AM):

> However, given the current security situation, I am find ways of
> protecting against attacks which aren't seen in practice at best 
> of academic interest. Discovering protections is a fun exercise, 
> but it isn't addressing the problems which are killing us today.

okay, i address this once more, because i feel we are running in
circles.

your argument is a double standard. i know zero cases when people
attacked pbkdf2. therefore, according to this logic, we have no reason
to move on. it is just as good. the very reason we want to move on is
preparation for the future. we want to be the ones taking the step
first, not the bad guys. hence my argument: watch out for side channel
attacks.

> For my part, I worry
> about random number generators, CAs, spear phishing, and the 
> Hoovering of unencrypted metadata. There are probably other 
> things I should worry about, but side channel attacks,

first, this is a false dichotomy. second, side channel attacks are far
from being theoretical. they are out there in the wilderness already.

> Pure technical solutions don't cut it now, and as I learned late
> in my career, never did.

in cryptography, only pure technical solutions work. that is the cry
from the academia for years if not decades. please engineers, start to
use our methods, algorithms, recommendations. the solution for many
attacks and insecurities are discovered long ago, but we refuse to
incorporate them in our software. this have to change.

> So you have no realistic attack model.

what is a "realistic" attack model? my attack model is one that can be
done. but not one that actually happened. i refuse to consider it bad.