lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Mar 2014 16:43:38 -0400
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] TigerPHS paper and code ready for review

Based on a lot of excellent feedback, I've updated TigerKDF, which I'm
now calling TigerPHS, for Password Hashing Scheme rather than Key
Derivation Function.  The latest version of my paper is at:

http://waywardgeek.net/TigerPHS.pdf

Code can be viewed/cloned at:

https://github.com/waywardgeek/tigerphs

I've updated the benchmarks based on Alexander's feedback.

After the excellent discussion on PBKDF2 and HKDF, I've switched from
PBKDF2-BLAKE2S to HKDF-SHA256 for initial and final key derivation,
with Blake2s still used in the memory hashing part.  Every input other
than stopMemCost is now hashed in the initial hkdfExtract, conforming
to the author's description of how to do a "strongly secure" key
derivation.

I've reduce the number of "slices" from 16 to 4, as per Solar
Designer's recommendation.

The paper has been improved as well.

Let me know what you think.

Thanks,
Bill

Powered by blists - more mailing lists