lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Jan 2014 14:16:45 +0100
From: Krisztián Pintér <>
Subject: Representing cost in a formated hash

> The question is how to represent the cost parameters in the formated
> hash.

here is what i think. representing the hash is the task of the
platform, and not the hash function. regular hash functions don't have
default representation either, they are just bits. it is not even sure
that we want to include the cost or other parameters at all. it can be
the case that some platforms (especially embedded or hw
implementations) will have fixed parametrization, thus there is no
need to store them at all.

i also see no reason why sould the parametrization be standardized.
for most implementations, a simple 32 bit parameter must suffice, it
is unlikely that we want 4 billion or even 2 billion rounds. the
problem is more apparent on 16 bit platforms.

but if we are adamant on giving finer grained exponentially growing
tuning ability, using constants like sqrt(2) seems to be unnecessarily
taxing for hw implementations (not very taxing, but unnecessarily
taxing). so my minimalist recommendation is the following:

(0b1000 + m) << e

where m is a 3 bit number, and e is a 5 bit number. the cost parameter
thus becomes 8 bits, in eeeeemmm order. the range is from 8 to
15*2^31, and the increment is below 12.5%. naturally expandable to 13
bit e, which covers ranges up to unbelievable. also, the number itself
can be treated as an integer, can be increased, behaves as one would
expect, etc.

Powered by blists - more mailing lists