lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 31 Aug 2014 07:31:22 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: An additional PHS API to include a string?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Microsoft presentation made a good point that stuck with me: users
hate dealing with all these different parameters like m_cost and
t_cost, and they'll just stick with password and salt if we can't
simplify storing hashes in a database.

I'm reviewing PufferFish right now, which has includes code for
packing/unpacking parameter as a string.  I think this is important
enough of an issue that the PHC should recommend an additional
interface that takes this string and password as the only hashing
parameters, and where the string is suitable for storage as an ASCII
text field in a dataabase or password file.

I really don't think the Microsoft guys understand the PHC entries
very well, but they do seem to understand users.  For entries moving
to the next round, I'd love to see a new requirement for a function
for packing/unpacking these strings.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUAweGAAoJEAcQZQdOpZUZ5nEQAI+tCTqQ4njz5mlG9UJnymrJ
DPZ/rkBwN5jiGceBWF8a0B6aBUqy2dZfS6rfPHT8MVq5HFDBxO8TRFNizjGgRkR8
JqL8oHfmDFgmhVmn2A7xmQAKHnz8mif1UjzauAMWx1kttnAGINgcC7t2qJS/ZZR7
pdmDnErhfruPMKqRLlOvSeWQUGRZKB8tJkoR6H4zIMZ0p8RhxY4SrZV63BHujhci
OsJTU1Zs59+ykxTaGgUHqcSraIRnRGwUYMn3lZgACLZlCyRx31FAMq8KHAlKcMFq
cwQ8CzVu6JpuTRno18ZZnF8cUCFDMOHpfR3Wk4a9HdUSTgu6/qS8hDXucHErEimu
uGQzomXJ3/0UU49CKJmj8DtXJAftaCL6UkFuYyjKEi9BdAM1zujCHu1/JGeCyARi
Dnf6JhXKYdz6ilqWBZfFGl9NgSU5Y5/Dh6CMFMjfmxCh8rLsKhri8Y6iqnKIUrn1
Uf8M26WTVWgRsCkMzX4yV73ZhAEve4vAhqLhGvd2pa3BpNmMG6sSLKV31Yl/aWMV
riPjqrsPgeGWs22aJNb26jO3TNaGv0ov29LOKVXHn5eQTDh0+jE2AL3ej30m/Jj8
kwIv//4Imz91ObFQoWViYM7xIoOHse7hOal+fIMCX7Q3oPIT8clCdX1eKoLrEhCo
uKgTogOAmCFNgu/lW3JX
=iKQr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists