Password Hashing Competition
There's a private competition to identify new password hashing schemes. Submissions are due at the end of the month.
Posted on March 25, 2014 at 5:58 AM
N and X measure different things and serve different purposes, they should not be conflated.
X is the length of the password, if I have to remember it it is limited by my memory and ability to type. So its maximum value is essentially constant.
N measures computing power. This is dependent on the available technology and changes with time.
For any given X there is some potential level of computing power that breaks a hash in say one hour. As long as computers keep improving N has to keep increasing to maintain security.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.