| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 May 2015 01:13:18 +0200 From: Sascha Schmidt <sascha.schmidt@...-weimar.de> To: discussions@...sword-hashing.net Subject: Re: [PHC] Client-side hashing (was side-channel stuff) 2015-05-04 19:18 GMT+02:00 Solar Designer <solar@...nwall.com>: > On Mon, May 04, 2015 at 04:51:51PM +0200, Sascha Schmidt wrote: >> I added the missing keyed finalization to Catena. You can now use >> server relief, keyed hashing and client-independent updates together. >> You can find it on github for now, > > I found commit c793a7a871ad7ce54d3f780d8e1fbe8d5c2f699e "added keyed > server relief", made by you today. Can you explain how this differs > from what Christian Forler referred to here? - > > http://thread.gmane.org/gmane.comp.security.phc/612/focus=674 > > "Catena supports "Keyed Password Hashing" [...] I just added the > feature." > > Is this Catena_Keyed_Hashing() (available before) vs. > Catena_Keyed_Server() (added now)? You could always execute Catena_Client(...) on one computer and then Catena_Server(...) on another computer and get the same result as a simple call to Catena(...). This allows to offload the computation to the client. Due to an oversight on our end this wasn't possible with keyed hashing. In the thread you linked Christian announces Catena_Keyed_Hashing(...). The new API allows you to first call Catena_Client(...) and then Catena_Keyed_Server(...) to get the same result(a keyed hash). >> but I'm sure that we are going to update the submission soon. > > This is merely an API enhancement, not a tweak, right? Yes. All the functionality was already there.
Powered by blists - more mailing lists