lists.openwall.net - Open Source and information security mailing list archives
Date: Sat, 16 Feb 2013 12:22:39 +0100
From: Jens Steube <jens.steube@...il.com>
To: discussions@...sword-hashing.net
Subject: Different cost settings and optional input

Hey guys,

even if gat3way's (coder of hashkill) comments were written in a way so that they sound like a joke, they should be taken seriously. If you missed them, here they are:

> 09:29:30 gat3way | Hey are you sure about that criterion:
> 09:29:32 gat3way | "Ability to transform an existing hash to a different cost setting without knowledge of the password."
> 09:29:52 gat3way | assuming that was possible, it means I can change cost to 1 then attack the hash :)
> 09:39:47 jchillerup | i think it implies transforming it into only *more* expensive versions
> 09:40:02 jchillerup | Otherwise it wouldn't make sense :)

Of course, jchillerup is right. I think we should update the CFS to make that clear. In a world full of wrong or partially wrong information, troublemakers can simply abuse this lack of clarity to create an illusion of a weakness in the PHC hash. Such an illusion can easily cost it its credibility.

> 09:45:02 gat3way | Is it allowed to rely on a secret parameter other than the password then?
> 09:45:36 gat3way | otherwise I am afraid such requirement would very likely inherently weaken security

I am not sure what his concern is about. I think it is the following: We allow the use of an "optional input":

> Other optional inputs include local parameters such as a personalization string, a secret key, or any application-specific parameter.

It is possible that a coder who is using the PHC hash in his applications misuses such an optional parameter, intentionally or unintentionally, for example by storing the entire plaintext or parts of it into it. At least we should write a note about not doing that, or even better, completely not allow the use of an optional parameter.

--
Jens