[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGiyFddRU6fH5C0NpLLTrzeuxYGoJP5+QALfzKydqaH1PFbQ_A@mail.gmail.com>
Date: Tue, 20 Aug 2013 23:02:27 +0200
From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Terminology goals
Agree with the need for a name better than "password hashing scheme",
or "password hash".
IIRC in previous Twitter discussions an idea was to avoid the word
"hash" altogether and some people proposed things like "password
scramblers". Also, a good name should probably include a connotation
of work factor/slowness.
Perhaps we should organize a separate competition: The Password Hash
Naming Competition.
On Tue, Aug 20, 2013 at 10:41 PM, Jeffrey Goldberg <jeffrey@...dmark.org> wrote:
> On 2013-08-20, at 3:14 PM, Marsh Ray <maray@...rosoft.com> wrote:
>
>> Since an authentication scheme for password-based credentials has a subtly different set of security properties than general hashing, message digesting, MACing, and even key derivation, we should strongly consider giving it a different name.
>
> Please! I'm tired of putting scare-quotes around "hash" every time I write about this. One of our goals is to make things easier services to do things properly. I still remember the people complaining that BLAKE2 was bad because it was too fast. Separate terms will help make it clear that different things have different design goals.
>
>> The values derived from the generate function. For example, we could call it a “pash function” or “pash values”, which you could think of as “Password Authentication ScHeme” or just “Password Hash”.
>
> Nice. I think I might start using that terminology right away. I don't think we need to wait for contest results to start doing this.
>
> (I'd also like something for KDFs that are designed to have a work factor for when the function output isn't for authentication. "k-desh" for "Key Derivation ScHeme"? But as this the the PHC project and not the KDF-C project, my additional wishes here are off-topic.)
>
> Cheers,
>
> -j
Powered by blists - more mailing lists