I was thinking about a password hashing scheme that would work roughly as follows.

for i:=0 to n do
  password = HASH(password)

private_key = GenerateRandomKey(ED448)
public_key = GetPublicKey(ED448, private_key)
signature = Sign(private_key, password)
secure_zero(private_key)
hash = "$"+n+"$" + Base64(public_key) + "$" + Base64(signature) + "$"

When verifying a password, the verifier would repeat the password hashing step and check whether the signature verifies over the given data.

Edit: I just realized the same thing could be achieved by just using the PBKDF2 output (over a strong random salt and the password) as the private key, multiplying it, and publishing the salt and public key as the password hash.

Are there any problems with this scheme? In practice, I was thinking about using something like PBKDF2-HMAC-SHA256 as the hash and including a salt with it too.

cmouse
  • Please don't ask if some new password hashing scheme is secure. Instead explain why you needed a new scheme in the first place. Then explain why you feel that your scheme is better than the established schemes or maybe at least better in your specific use case. Based on this others can discuss if your assumptions are correct. If you cannot do this then see [Why shouldn't we roll our own?](https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own). – Steffen Ullrich May 04 '17 at 18:22
  • Good point, I'll consider this. – cmouse May 05 '17 at 04:10

0 Answers