lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Feb 2013 12:22:39 +0100
From: Jens Steube <jens.steube@...il.com>
To: discussions@...sword-hashing.net
Subject: Different cost settings and optional input

Hey Guys,

even if gat3way's (coder of hashkill) comments were written in a way
so that they sound like a joke they should be taken seriously.

If you missed them, here they are:

> 09:29:30 gat3way | Hey are you sure about that criterion:
> 09:29:32 gat3way | "Ability to transform an existing hash to a different cost setting without knowledge of the password."
> 09:29:52 gat3way | assuming that was possible, it means I can change cost to 1 then attack the hash :)
> 09:39:47 jchillerup | i think it implies transforming it into only *more* expensive versions
> 09:40:02 jchillerup | Otherwise it wouldn't make sense :)

Of course, jchillerup is right. I think we should update the CFS to
make that clear. In a world full of wrong or partially wrong
information troublemaker can simply abuse this lack of clarity to
create an Illusion of a weakness in the PHC hash. Such an Illusion can
easily cost its credibility.

> 09:45:02 gat3way | Is it allowed to rely on a secret parameter other than the password then?
> 09:45:36 gat3way | otherwise I am afraid such requirement would very likely inherently weaken security

I am not sure what his concern is about. I think it is the following:
We allow the use of a "optional input":

> Other optional inputs include local parameters such as a personalization string, a secret key, or any application-specific parameter.

It is possible that a coder who is using the PHC hash in his
applications misuse such an optional parameter intenionally or
unintenionally. For example by storing the entire plaintext or parts
into it. At least we should write a note about not doing that or even
better completly not allow the use of an optional parameter.

--
Jens

Powered by blists - more mailing lists