lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Jan 2014 10:24:45 -0500
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Proposed timeline changes

Not that my opinion should hold much weight here - I'm just dabbling after
all - but the one thing said that I strongly agree with is that submitters
should be allowed to "borrow" each other's ideas in the second phase,
potentially making major changes to their algorithms.


On Sun, Jan 5, 2014 at 4:24 AM, Solar Designer <solar@...nwall.com> wrote:

> On Sun, Jan 05, 2014 at 09:55:28AM +0100, Jean-Philippe Aumasson wrote:
> > 1) Move the submission deadline from January 31 to March 31 (with
> unchanged
> > requirements)
> >
> > 2) Agree on a new tentative timeline before March 31 (which may be
> further
> > revised depending on the quantity and quality of submissions)
> >
> > Any objection?
>
> No objections from me.
>
> > On Jan 5, 2014 9:41 AM, "Jean-Philippe Aumasson" <
> jeanphilippe.aumasson@...il.com> wrote:
> > > However we won't accept submissions after the initial deadline. And
> round
> > > 2 is about shortlisting a few submissions rather than receiving new
> ones.
> > > The game has to have rules :)
> > >
> > > What do other panel members think?
>
> I think many (if not all) of us are going to learn a few things from
> each other's submissions.  It is important to let us reuse this
> knowledge in revised submissions, and this may require more than tweaks.
>
> I am also unsure of what qualifies as a mere tweak and what does not,
> and whether adding an extra password hashing scheme variation or extra
> mode of operation (e.g., a scripting language friendly one to a
> submission previously friendly to native code only) falls under "tweaks"
> or not.  (Obviously, I am assuming that the test vectors will differ.
> If they don't, it's a mere implementation change, which is not in any
> way limited by PHC rules.)
>
> The scripting language example is not an arbitrary one.  What I am
> seeing so far is that all new designs being discussed so far focus on
> native code only, so far.  Yet I think that given more time, having
> received initial reviews/feedback, and having seen each other's
> submissions, some of those same teams may come up with variations of
> their schemes intended for scripting languages.  It just feels premature
> to work on that yet.
>
> The game does have to have rules, but not necessarily the exact rules
> outlined in the provisional timeline so far.  If you feel that we need a
> round where we'd shortlist a few finalists, then I think we potentially
> need an extra round (before the shortlisting) for the knowledge reuse.
>
> We might have a slightly better idea on whether the shortlisting round
> is needed if we ask would-be submitters to announce their plans to
> submit by/on the previously scheduled date of January 31 (so it won't be
> a surprise to them that something is expected from them by then, and
> it'd be a relief that less is expected and they have 2 more months for
> the actual submissions).
>
> Alexander
>

Content of type "text/html" skipped

Powered by blists - more mailing lists