lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Mar 2014 00:46:40 -0700
From: Jeremi Gosney <>
Subject: Re: [PHC] Transforming hash to different cost setting

These are not hard requirements, they are simply critera that will be
evaluated in each candidate. You may choose not to support a particular
feature in your design.

On 3/22/2014 12:41 AM, Sweta Mishra wrote:
> Thanks Jeremi, but for the calculation of a password hash another
> requirement is that we need sufficiently large memory and we
> constantly use them throughout the calculation. Now if we try to
> update the previous stored hash then next calculation will only depend
> on the stored hash value and then how will it fulfil the memory
> requirement criteria for transforming hash to different cost setting.  
> Thanks & Regards
> Sweta Mishra
> On Sat, Mar 22, 2014 at 12:44 PM, Jeremi Gosney <
> <>> wrote:
>     On 3/22/2014 12:09 AM, Sweta Mishra wrote:
>     > What does the  'Ability to transform an existing hash to a different
>     > cost setting without knowledge of the password', mean exactly?
>     Simply put, it means the ability to take a password hash from the
>     database and upgrade it to a higher cost setting without knowing the
>     password. This way administrators can upgrade the security of an
>     entire
>     database without hooking the login process to re-hash the password, or
>     forcing users to change their passwords.

Powered by blists - more mailing lists