Lyra2: Efficient Password Hashing with High Security against Time-Memory Trade-Offs


We present Lyra2, a password hashing scheme (PHS) based on cryptographic sponges. Lyra2 was designed to be strictly sequential for a given number of cores (i.e., not easily parallelizable beyond that number), providing strong security even against attackers using custom hardware or GPUs. At the same time, it is very simple to implement in software and allows legitimate users to fine tune its memory and processing costs according to the desired level of security against brute force password-guessing. Lyra2 is an improvement of the recently proposed Lyra algorithm, providing an even higher security level against different attack venues and overcoming some limitations of this and other existing schemes.

In IEEE Transactions on Computers.

A Password Hashing Scheme (PHS) based on cryptographic sponges.

Também disponível em:

Este trabalho é um substrato da Tese de Doutorado desenvolvida na Escola Politécnica da Universidade de São Paulo (Poli-USP).

A Tese está disponível no Portal de Teses e Dissertações da USP.