lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Jan 2014 11:47:36 -0500
From: Daniel Franke <>
To: Krisztián Pintér <>
Subject: Re: [PHC] Proposed timeline changes

On 1/5/14, Krisztián Pintér <> wrote:
> another way to go is to reduce the submission requirements. as of now,
> a reference implementation and a large set of test vectors, as well as
> discussion on performance, optimization possibilities, etc are
> required.
> this might be problematic for a number of reasons. for example catena
> is an abstract proposal, which is best discussed from theoretic
> viewpoint. choosing the appropriate inner hash function is not
> crucial, therefore could be skipped for now.
> the development time for any reference implementation that is actually
> functional is a hassle. it has to be thoroughly tested and probably
> reviewed by 3rd party, because a reference implementation with a bug
> in it is not very useful.
> so if time pressure is an issue, and it is, i recommend dropping or
> easing this requirement.

I dislike this idea because not everybody is working in the same
order. For example, EARWORM's reference and optimized implementations
are already finished, and its spec nearly so, but the security and
efficiency discussion is not yet written. If the deadline remains at
Jan 31, the thoroughness of those sections is what will suffer. I
doubt that there is any reduced set of requirements that will make
everybody, or even most people, happy.

Powered by blists - more mailing lists