indexo.dev

mfchf.com

.com crawl

First seen 2026-04-25 · Last seen 2026-05-19 · ok HTTP/1.1 200 374 ms crawled 2026-05-18

US · 104.21.13.221 · AS13335 Cloudflare, Inc.

Reputation 87/100 weak security headers no dmarc policy

Classifying

HTML metadata

Title
Multi-Factor Credential Hashing Function (MFCHF)
Description
Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10 6 to 10 48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact.
Language
en

Open Graph

url
https://mfchf.com
title
Multi-Factor Credential Hashing Function (MFCHF)
description
Since the introduction of bcrypt in 1999, adaptive password hashing functions, whereby brute-force resistance increases symmetrically with computational difficulty for legitimate users, have been our most powerful post-breach countermeasure against credential disclosure. Unfortunately, the relatively low tolerance of users to added latency places an upper bound on the deployment of this technique in most applications. In this paper, we present a multi-factor credential hashing function (MFCHF) that incorporates the additional entropy of multi-factor authentication into password hashes to provide asymmetric resistance to brute-force attacks. MFCHF provides full backward compatibility with existing authentication software (e.g., Google Authenticator) and hardware (e.g., YubiKeys), with support for common usability features like factor recovery. The result is a 10 6 to 10 48 times increase in the difficulty of cracking hashed credentials, with little added latency or usability impact.

Technology

CDN
Cloudflare
Analytics
  • Google Tag Manager

Third-party hosts loaded (5)

  • cdnjs.cloudflare.com×4
  • img.shields.io×3
  • buttons.github.io×1
  • cdn.jsdelivr.net×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Cloudflare, Inc.
Created
2022-10-15
Expires
2026-10-15 148 days left
Updated
2024-02-20
Name servers
  • amit.ns.cloudflare.com
  • heather.ns.cloudflare.com

DNS records live

NS
  • amit.ns.cloudflare.com
  • heather.ns.cloudflare.com
MX
  • 3 route3.mx.cloudflare.net
  • 59 route2.mx.cloudflare.net
  • 9 route1.mx.cloudflare.net

Email authentication weak

SPF
v=spf1 include:_spf.mx.cloudflare.net ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

WE1
from 2026-03-29 to 2026-06-27
Expires in 38 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 30/100 Checked live page: https://mfchf.com/

findings
  • missing HSTS
  • missing Content Security Policy
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy

Links to (2)

Linked from (4)