Date: Sun, 23 Mar 2014 22:46:41 -0400
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] On Delegation (Was: "Why I Don't Recommend Scrypt")

On Sat, Mar 22, 2014 at 7:31 PM, Solar Designer <solar@...nwall.com> wrote:
> Being on the panel for PHC, I am aware that you made this submission
> (thank you!), but I did not look at it closely yet because (1) I didn't
> have time for that yet, and (2) you didn't make it public yet, which
> might be deliberate, so I didn't want to be "exposed" to it yet (given
> my plans to possibly make a PHC submission too). So I was unaware of
> what features it had.

I got a bad feeling when I read "given my plans to *possibly* make a PHC submission too". Somebody's got to build the tools geeks like me will use when we get the itch to write security software. I like to think that after making all the fixes and upgrades to TwoCats that mostly were your suggestions, it might compete with Escript, but the reality is it likely will fall early in cryptanalyst review.

The world needs a nice simple password hashing function that can easily be ported, and Escript may not be that simple function, but we need a secure password hashing library even more. OpenSSL is a library, not a hashing function, yet it provides far more benefits than any single hashing or encryption scheme I can think of. Escript should be part of that library.

You will seriously piss off my two cats if you do not carry through with Escrypt. Can I start calling it Pwxtrans now? I like that better.

Bill