| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <218AE73F98E99C4C98AF7D5166AA798E09079F64@TK5EX14MBXC287.redmond.corp.microsoft.com> Date: Fri, 5 Apr 2013 18:53:18 +0000 From: Marsh Ray <maray@...rosoft.com> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: RE: [PHC] Testing Password Hashing functions > -----Original Message----- > From: Matthew Green [mailto:matthewdgreen@...il.com] > Sent: Friday, April 5, 2013 10:50 AM > To: discussions@...sword-hashing.net > Subject: Re: [PHC] Testing Password Hashing functions > > Formally, the right tool here is to ask for a proof that the construction is > indifferentiable from a random oracle -- assuming that the building blocks > (underlying hash functions, block ciphers, etc.) also meet similar criteria. > > The submitters don't have to write this proof, but it would be one of the > criteria for analysis. Since most of these functions will probably be based on > 'standard' building blocks, this shouldn't be an enormous stretch. The changes between PBKDF1 and PBKDF2 are interesting WRT differentiability-from-RO, particularly length extension and image shrinkage. - Marsh
Powered by blists - more mailing lists