lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130218230035.GC20985@openwall.com>
Date: Tue, 19 Feb 2013 03:00:35 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Coding of the in[inlen] array for PHS( )

On Mon, Feb 18, 2013 at 02:02:45PM -0800, Dennis E. Hamilton wrote:
> The ASCII/non-ASCII about desirable test vectors suggest that being character set sensitive is permissible.

The "Call for submissions" talks about "bytes" in all places except for
this one:

"Comprehensive set of test vectors (preferably including non-ASCII
characters)."

Perhaps this should be changed to:

"Comprehensive set of test vectors (preferably including all byte values
in the 0 to 0xFF range for both the password and the salt inputs)."

Yes, if this "preference" is followed, this implies that we'll have at
least 256 bytes worth of data for each input (across all test vectors).

I think we don't want to get into the complicated issues with
"characters" here.  "Characters" may use different encodings, may be
multi-byte, may vary in endianness, etc.  In PHS(), we deal with bytes.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ