lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Apr 2013 17:53:26 +0200
From: Yann Droneaud <>
Subject: Re: [PHC] Testing Password Hashing functions


Le vendredi 05 avril 2013 à 10:48 +0000, Poul-Henning Kamp a écrit :
> In message <>, Yann Droneaud writes:
> >For hashing functions, especially cryptographic hashing functions,
> >what are the tools to test them ?
> A good starting point is to treat it as a PRNG:  A hash function
> whould have the exact same mathematical properties as a PRNG, with
> the single addition that the same input always produces the same
> output.

I would rather say that a hash function could be used to built a PRNG
(basically either hashing its previous output value or hashing the
output from a validated (P)RNG) then this PRNG could be evaluated.

A PRNG has only its seed as input and produces an infinite amount of
output values, while the hash function has one input value and one
output value.

A hash function has other properties to be evaluated regarding its
output (avalanche effect, etc.)

So using the PRNG test is probably a first evaluation step, but doesn't
seems to be enough.

IANACNAM (I am not a Cryptographer nor a Mathematician)

So what others tools, methods are going to be used to evaluate password
hash functions ?


Yann Droneaud

Powered by blists - more mailing lists