[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 May 2015 15:36:23 +0300
From: Solar Designer <solar@...nwall.com>
To: Bill Cox <waywardgeek@...il.com>
Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>,
Meltem Sonmez Turan <meltemsturan@...il.com>
Subject: Re: [PHC] NIST standardization
On Mon, May 04, 2015 at 10:01:31PM -0700, Bill Cox wrote:
> Er.. NIST? Do we really want them involved?
We might or might not care, but I think for some prospective users
having the PHC winner NIST-standardized would be a plus. In fact, for
some it could be a requirement. That's why we have SHA-crypt, and
that's why Drupal 7 switched to SHA-512 as the crypto primitive for
their revision of phpass. In both cases, needing NIST-approved crypto
was explicitly cited as the primary reason for the change.
Do you think NIST's reputation is that bad now it'd reflect badly on the
PHC winner? I think it's not that bad. An algorithm coming from/via
NIST could be received badly, but one that was developed and selected by
PHC independently of NIST and is later merely standardized is fine.
Alexander
Powered by blists - more mailing lists