lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Aug 2013 17:18:34 -0400
From: Patrick Mylund Nielsen <>
To: "" <>
Subject: Re: [PHC] Terminology goals

On Tue, Aug 20, 2013 at 5:02 PM, Jean-Philippe Aumasson <> wrote:

> Agree with the need for a name better than "password hashing scheme",
> or "password hash".
> IIRC in previous Twitter discussions an idea was to avoid the word
> "hash" altogether and some people proposed things like "password
> scramblers". Also, a good name should probably include a connotation
> of work factor/slowness.
> Perhaps we should organize a separate competition: The Password Hash
> Naming Competition.

Password Storage Scheme?

Granted, you're not storing the password, but that's what people are
looking for. I have several articles on password authentication, and by far
the most popular queries that find them are "password storage", "how to
store passwords", and "storing passwords securely". Remember, people aren't
looking for slow hash functions--they often don't know it needs to be slow
at all. People who *do* know this aren't going to care if it's called a
hash, a scrambler or a "password twister."

"Scramble" is correct, but nobody understands what this means, and to a lot
of people it sounds less secure than "encryption" or "hashing".

IMO, "pash" is never going to get picked up. At best it's a cute term we'll
use, at worst it'll cause more ambiguity around "hash".

In any case, I agree that "hash" is bad, if only because it makes a
construction suitable for password authentication seem too similar to
normal hash functions.

> On Tue, Aug 20, 2013 at 10:41 PM, Jeffrey Goldberg <>
> wrote:
> > On 2013-08-20, at 3:14 PM, Marsh Ray <> wrote:
> >
> >> Since an authentication scheme for password-based credentials has a
> subtly different set of security properties than general hashing, message
> digesting, MACing, and even key derivation, we should strongly consider
> giving it a different name.
> >
> > Please! I'm tired of putting scare-quotes around "hash" every time I
> write about this. One of our goals is to make things easier services to do
> things properly. I still remember the people complaining that BLAKE2 was
> bad because it was too fast. Separate terms will help make it clear that
> different things have different design goals.
> >
> >> The values derived from the generate function. For example, we could
> call it a “pash function” or “pash values”, which you could think of as
> “Password Authentication ScHeme” or just “Password Hash”.
> >
> > Nice. I think I might start using that terminology right away. I don't
> think we need to wait for contest results to start doing this.
> >
> > (I'd also like something for KDFs that are designed to have a work
> factor for when the function output isn't for authentication.  "k-desh" for
> "Key Derivation ScHeme"? But as this the the PHC project and not the KDF-C
> project, my additional wishes here are off-topic.)
> >
> > Cheers,
> >
> > -j

Content of type "text/html" skipped

Powered by blists - more mailing lists