lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Aug 2014 07:31:22 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: An additional PHS API to include a string? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Microsoft presentation made a good point that stuck with me: users hate dealing with all these different parameters like m_cost and t_cost, and they'll just stick with password and salt if we can't simplify storing hashes in a database. I'm reviewing PufferFish right now, which has includes code for packing/unpacking parameter as a string. I think this is important enough of an issue that the PHC should recommend an additional interface that takes this string and password as the only hashing parameters, and where the string is suitable for storage as an ASCII text field in a dataabase or password file. I really don't think the Microsoft guys understand the PHC entries very well, but they do seem to understand users. For entries moving to the next round, I'd love to see a new requirement for a function for packing/unpacking these strings. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUAweGAAoJEAcQZQdOpZUZ5nEQAI+tCTqQ4njz5mlG9UJnymrJ DPZ/rkBwN5jiGceBWF8a0B6aBUqy2dZfS6rfPHT8MVq5HFDBxO8TRFNizjGgRkR8 JqL8oHfmDFgmhVmn2A7xmQAKHnz8mif1UjzauAMWx1kttnAGINgcC7t2qJS/ZZR7 pdmDnErhfruPMKqRLlOvSeWQUGRZKB8tJkoR6H4zIMZ0p8RhxY4SrZV63BHujhci OsJTU1Zs59+ykxTaGgUHqcSraIRnRGwUYMn3lZgACLZlCyRx31FAMq8KHAlKcMFq cwQ8CzVu6JpuTRno18ZZnF8cUCFDMOHpfR3Wk4a9HdUSTgu6/qS8hDXucHErEimu uGQzomXJ3/0UU49CKJmj8DtXJAftaCL6UkFuYyjKEi9BdAM1zujCHu1/JGeCyARi Dnf6JhXKYdz6ilqWBZfFGl9NgSU5Y5/Dh6CMFMjfmxCh8rLsKhri8Y6iqnKIUrn1 Uf8M26WTVWgRsCkMzX4yV73ZhAEve4vAhqLhGvd2pa3BpNmMG6sSLKV31Yl/aWMV riPjqrsPgeGWs22aJNb26jO3TNaGv0ov29LOKVXHn5eQTDh0+jE2AL3ej30m/Jj8 kwIv//4Imz91ObFQoWViYM7xIoOHse7hOal+fIMCX7Q3oPIT8clCdX1eKoLrEhCo uKgTogOAmCFNgu/lW3JX =iKQr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists