| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Sep 2014 15:41:39 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Schvrch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I owe you an apology. I'm sorry to have called your paper and code weak. By the paper, I only meant the PHC submission, not your attached paper. The code *is* weak as a framework for a secure successor of Scrypt or bcrypt. As a demonstration of using the stir, revolve, and evolve functions for memory hashing, it's buggy, but likely shows your intent well. It would be simple enough to cut these three functions out of Schvrch and paste them into one of the other entries with a stronger password defense framework. I'd be happy to help with that if needed. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUBh1wAAoJEAcQZQdOpZUZMIoQAI3AxHyUC7Ij017eyS7WcmPi PAGs+UkspCfkzrwmRfrKLithQ/knmgPyy7zht3p2PexpZ4GXVvbyNJHXrQ4P7hDA EOijHJhXt6HWdWAJxFPjMlcn11d4FYPgiMS9vzHFBTRtzQ8SdKJ+GcnO3yMSopn+ h3VJi9isvTOq8KjCXrRMGaIiq/0HyaPH3ePaJ0Vd5ShtXXJrRIx2ngWjj6xnEPpq 9d5T9GGPMcIfHj+rN4hL2EZ8YTMuWJf0elQ/LuyVQ/3SgM2fzvftG2mpv0BMHE4o lmyQH0NsUKPDfgoxX+RHOvr998E9iCPcy2ZJashZQ4o9FWMgD4byBg/Cmp01JgOL WejiXbQCBEJ4Zuyuh6mcFsQkqvwreZBX/Dzk51lVLrOY3h20PxVgi17ZzyeoC7qu rL5eLEkcWGAko0wMR1uRxuIuoIpSFtl/4SeMKe8fNDfGkQSGYiiIu2pqStIllCBc W6bZUvJetZtSku2fZJmDETc/7JDkc4XHtwDChPqAJltSINVR+pvNK4S8TIrn5eTL WDNF9i4SJ7WUPALgY58GWoWMb52TUwQHJtLlUi7QwquC4Ms9SyNHX6VcBTDT4F/6 K6dtm3OgfM8WcymIBs4LXplIdFObseOr0jwvUTGB4NFRZBwU3Qcsc8Dt/2KyuRnw aEwuTRe+gp0x5Lk/+kZU =wm20 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists