| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <95249DA8-00C2-414D-B173-BA153C5559DB@goldmark.org> Date: Tue, 20 Aug 2013 15:41:59 -0500 From: Jeffrey Goldberg <jeffrey@...dmark.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] Terminology goals On 2013-08-20, at 3:14 PM, Marsh Ray <maray@...rosoft.com> wrote: > Since an authentication scheme for password-based credentials has a subtly different set of security properties than general hashing, message digesting, MACing, and even key derivation, we should strongly consider giving it a different name. Please! I'm tired of putting scare-quotes around "hash" every time I write about this. One of our goals is to make things easier services to do things properly. I still remember the people complaining that BLAKE2 was bad because it was too fast. Separate terms will help make it clear that different things have different design goals. > The values derived from the generate function. For example, we could call it a “pash function” or “pash values”, which you could think of as “Password Authentication ScHeme” or just “Password Hash”. Nice. I think I might start using that terminology right away. I don't think we need to wait for contest results to start doing this. (I'd also like something for KDFs that are designed to have a work factor for when the function output isn't for authentication. "k-desh" for "Key Derivation ScHeme"? But as this the the PHC project and not the KDF-C project, my additional wishes here are off-topic.) Cheers, -j
Powered by blists - more mailing lists