lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Apr 2013 17:53:26 +0200 From: Yann Droneaud <ydroneaud@...eya.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Testing Password Hashing functions Hi, Le vendredi 05 avril 2013 à 10:48 +0000, Poul-Henning Kamp a écrit : > In message <1365158596.26812.18.camel@...t.quest-ce.net>, Yann Droneaud writes: > > >For hashing functions, especially cryptographic hashing functions, > >what are the tools to test them ? > > A good starting point is to treat it as a PRNG: A hash function > whould have the exact same mathematical properties as a PRNG, with > the single addition that the same input always produces the same > output. > I would rather say that a hash function could be used to built a PRNG (basically either hashing its previous output value or hashing the output from a validated (P)RNG) then this PRNG could be evaluated. A PRNG has only its seed as input and produces an infinite amount of output values, while the hash function has one input value and one output value. A hash function has other properties to be evaluated regarding its output (avalanche effect, etc.) So using the PRNG test is probably a first evaluation step, but doesn't seems to be enough. IANACNAM (I am not a Cryptographer nor a Mathematician) So what others tools, methods are going to be used to evaluate password hash functions ? Regards. -- Yann Droneaud OPTEYA
Powered by blists - more mailing lists