lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 4 Jan 2014 19:10:10 -0500
From: Daniel Franke <dfoxfranke@...il.com>
To: discussions@...sword-hashing.net
Subject: Proposed timeline changes

Recent discussions on this list are making me question whether the
currently planned PHC timeline still makes sense. Some observations:

1. It looks like the number of entries is going to be fairly small:
probably fewer than ten.

2. All the designers of the most-discussed hashes (escrypt, EARWORM,
Catena, NOELKDF) seem to be under time pressure to get their submissions
completed. With four weeks left prior to the current submission deadline,
no submissions have yet been accepted.

3. We're learning a lot from each other as we go along, which is not
surprising, considering how little attention the topic of password hashing
has gotten prior to this competition. (In contrast, when the AES and SHA-3
competitions began, their respective fields were much more mature). I think
that soon after submissions are posted, somebody is going to come up with a
synthesis of our ideas that improves on all of them.

I therefore propose the following:

1. Move out the round 1 submission deadline to March 31.

2. Restructure round 2. Instead of choosing finalists and permitting minor
tweaks, allow the submission of completely new designs. To maintain some
coherence and discourage holding back ideas, require that every round 2
submission have at least one round 1 participant listed as an author. From
there I think we can go directly to selecting winners. Unless we get a lot
more entries than I expect, culling the field down to a set of finalists
seems unnecessary. The revised timeline might look something like this:

2014 Mar 31: 1st round submissions due
2015 Q1: 2nd round submissions due
2015 Q4: winners selected

Thoughts?

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ