| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Feb 2013 11:23:16 -0800 From: "Dennis E. Hamilton" <dennis.hamilton@....org> To: <discussions@...sword-hashing.net> Subject: Q: Reference t_cost and m_cost parameters For the candidate reference-implementation API, the t_cost and m_cost parameters are apparently unitless values related to time cost and space (memory cost). Is there some standard definition for these, so that one can substitute implementations but not need to know the implementation to know the consequences? Or is it presumed that a candidate specify how these are interpreted and once a particular function is "standardized" as *the* PHS, the interpretation of the parameters will be fixed? By fixed I mean that the salt and the cost parameters would be either stored or otherwise preserved between creation of a hash and recomputation of the hash for authentication of a password. I am thinking of the case where the authentication may be done by different systems than the one that originally derived the hash, as when using password-based encryption of documents in an interchange situation or in a long-lived personal archive, longer-lived than the computer used to create the password hash originally. In this case it may be necessary to communicate the salt and the cost parameters along with the derived hash value. - Dennis
Powered by blists - more mailing lists