| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Sep 2015 17:20:10 +0100 From: Hugo Landau <hlandau@...ever.net> To: discussions@...sword-hashing.net Subject: Interest in specification of modular crypt format Greetings. Now that a winner has been announced, I wondered if the PHC has any interest in specifying a modular crypt format to supplement the final specification for Argon2? The modular crypt format is used by UNIX-like systems to encode passwords in system databases (sha256-crypt is "$5$", sha512-crypt is "$6$" etc.), but is also more widely used as a password storage format. Specifying the modular crypt format early as part of the specification itself would avoid any risk of balkanization of a supposed standard and encourage adoption. The most exhaustive documentation of the modular crypt format that I am aware of is that maintained by the Python passlib project: https://pythonhosted.org/passlib/lib/passlib.hash.html#unix-modular-crypt-hashes Take note of PBKDF2, which, while a standard, appears to have numerous different incompatible formats: Passlib's PBKDF2, cta_pbkdf2_sha1, dlitz_pbkdf2_sha1, etc. Specifying a format is trivial but may be highly advantageous. Hugo Landau
Powered by blists - more mailing lists