| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Mar 2014 06:31:52 -0700 From: Jeremi Gosney <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] pufferfish On 3/24/2014 2:19 AM, Jeremi Gosney wrote: > On 3/23/2014 8:43 PM, Bill Cox wrote: >> This seems a bit complicated to me for a nice simple password hashing >> function. > I will consider simplifying this a bit. I had selected > chacha8 to fill the sboxes since it is a lot more lightweight than > sha512, and I didn't want this part of the algorithm to be the most > expensive part. For example, if we used sha512 instead of chacha8 to > fill the s-boxes, an m_cost of 64, we'd need 1024 iterations of sha512. > That's really heavy for just the initialization. But, it could indeed be > simplified by just doing something like: > > state := hmac-sha512 (sha512 (salt), password) > foreach sbox do > for i := 0 to 3 do > for j := 0 to m_cost / 4 > sbox[i][j] = sha512 (state) > key := hmac-sha512 (state, password) > > But while it is less steps, it's also a lot more expensive. I'll > experiment with it, but I really don't see a need to be so compute-heavy > during the initialization phase. I went ahead and experimented with this tonight, and while it is a fair amount heavier, it is simpler and I do believe I like it better. So I went ahead and commited this revision to the repository.
Powered by blists - more mailing lists