lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 7 Aug 2013 06:46:14 +0000
From: Marsh Ray <maray@...rosoft.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: ECB mode can be our friend (Thinking out of the S-box)

"ECB mode" is a way of specifying "these block cipher invocations can be done in parallel " to hardware accelerated and other APIs.



Developers should be feel free to propose such solutions here without worrying about the reflexive "everybody knows ECB mode is bad because we can see the penguin*" comments we'd expect elsewhere.



Along these lines, there are certainly many other tools in the crypto toolbox which are completely busted for their original purposes. Yet they may be well understood and useful for password hashing. For example, several people (including myself) have suggested the use of a very wide RC4 to implement randomized memory access hardness.



- Marsh



* http://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg


Content of type "text/html" skipped

Powered by blists - more mailing lists