lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2013 15:45:39 -0800
From: Tony Arcieri <tony.arcieri@...il.com>
To: discussions@...sword-hashing.net
Subject: Password hashes as URIs

There's been some work on an RFC for hashes-as-URIs:

http://tools.ietf.org/html/draft-farrell-decade-ni-10

I believe this has been discussed earlier, but I think one of the
interesting things this competition could also produce is a similar URI
scheme for storing password hashes: one that includes the algorithm name,
the hash, salt/nonce, and the algorithm-specific parameters.

A scheme like this could allow someone to have several different password
hashing schemes active at once (e.g. if they started with one scheme but
are lazily upgrading to another, newer scheme) and would also allow
interoperability between these libraries.

Yay? Nay?

-- 
Tony Arcieri

Content of type "text/html" skipped

Powered by blists - more mailing lists