[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1365177206.2493.10.camel@test.quest-ce.net>
Date: Fri, 05 Apr 2013 17:53:26 +0200
From: Yann Droneaud <ydroneaud@...eya.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Testing Password Hashing functions
Hi,
Le vendredi 05 avril 2013 à 10:48 +0000, Poul-Henning Kamp a écrit :
> In message <1365158596.26812.18.camel@...t.quest-ce.net>, Yann Droneaud writes:
>
> >For hashing functions, especially cryptographic hashing functions,
> >what are the tools to test them ?
>
> A good starting point is to treat it as a PRNG: A hash function
> whould have the exact same mathematical properties as a PRNG, with
> the single addition that the same input always produces the same
> output.
>
I would rather say that a hash function could be used to built a PRNG
(basically either hashing its previous output value or hashing the
output from a validated (P)RNG) then this PRNG could be evaluated.
A PRNG has only its seed as input and produces an infinite amount of
output values, while the hash function has one input value and one
output value.
A hash function has other properties to be evaluated regarding its
output (avalanche effect, etc.)
So using the PRNG test is probably a first evaluation step, but doesn't
seems to be enough.
IANACNAM (I am not a Cryptographer nor a Mathematician)
So what others tools, methods are going to be used to evaluate password
hash functions ?
Regards.
--
Yann Droneaud
OPTEYA
Powered by blists - more mailing lists