lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Mar 2014 22:11:48 -0400
From: Bill Cox <>
Subject: Re: [PHC] TigerPHS paper and code ready for review

It goes with the song... Our house, is very very fine house, with
TwoCats in the yard, life used to be so hard...

Not that my two cats are encryption mongers, but do they eat TwoFish?
Actually, we feed them tuna every night.

Naming is definitely a bike shedding event.  There just aren't enough
good names to go around.  I googled Xcrypt and XScrypt, which I
thought could be a decent alternative for Escrypt, the X coming from
eXtended.  No luck... they're taken, in uncool ways to stomp on.

Two Cats seems to be taken, but not TwoCats.  Two Cats is a production
company with the same name as a comic book store.  That's about as
clean as you get with names now days.  My daughter thinks Kitten is
probably not taken, or we could use Tiger's full (and embarrassing to
Tiger) name, Tiger Flower.


On Tue, Mar 11, 2014 at 9:44 PM, Bill Cox <> wrote:
> Grr... naming is so hard.  We still need to help Alexander find a name
> as good or better than Escrypt that he wont get sued over.  NoelPHS?
> How about TwoCats?
> Bill
> On Tue, Mar 11, 2014 at 9:36 PM, Donghoon Chang <> wrote:
>> One small comment: In 1995 the name Tiger was already used as a hash
>> algorithm designed by Anderson and Biham. (See the following link.)
>> - donghoon
>> 2014년 3월 12일 수요일, Jean-Philippe Aumasson<>님이
>> 작성한 메시지:
>>> You may just call it Tiger, we'll figure out that as a PHC submission
>>> it's a PHS ;-)
>>> Well there's already a hash function called Tiger, and there's also a
>>> Tiger2, so maybe not a good idea:
>>> On Tue, Mar 11, 2014 at 9:43 PM, Bill Cox <> wrote:
>>>> Based on a lot of excellent feedback, I've updated TigerKDF, which I'm
>>>> now calling TigerPHS, for Password Hashing Scheme rather than Key
>>>> Derivation Function.  The latest version of my paper is at:
>>>> Code can be viewed/cloned at:
>>>> I've updated the benchmarks based on Alexander's feedback.
>>>> After the excellent discussion on PBKDF2 and HKDF, I've switched from
>>>> PBKDF2-BLAKE2S to HKDF-SHA256 for initial and final key derivation,
>>>> with Blake2s still used in the memory hashing part.  Every input other
>>>> than stopMemCost is now hashed in the initial hkdfExtract, conforming
>>>> to the author's description of how to do a "strongly secure" key
>>>> derivation.
>>>> I've reduce the number of "slices" from 16 to 4, as per Solar
>>>> Designer's recommendation.
>>>> The paper has been improved as well.
>>>> Let me know what you think.
>>>> Thanks,
>>>> Bill

Powered by blists - more mailing lists