| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140323002152.GB26806@openwall.com> Date: Sun, 23 Mar 2014 04:21:52 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Can I have two entries? On Fri, Mar 21, 2014 at 08:37:30AM -0400, Bill Cox wrote: > My TwoCats password hashing scheme is a lot of fun, and I am beginning > to think it can compete with other good full-featured schemes. > However, it's complexity is it's biggest drawback. For guys who just > want some simple memory hashing, and don't need all the security > features I included TwoCats, a simple KISS memory hashing function > might be better. Good idea. > Is it a problem if I make two submissions? The second would be a > tiny stripped down version of TwoCats with only a memory size > parameter. Maybe SkinnyCat, or some such thing, though both my cats > are on the heavy side. It's OK to make two submissions, but the reason you give is not good enough for that, in my opinion. Instead of making two submissions, can you define TwoCats and SkinnyCat such that SkinnyCat can be computed with TwoCats? That way, SkinnyCat will be an implementation of a subset of the functionality of TwoCats, and it can be part of the same submission. Just a cut-down implementation included in the submission, and maybe also a second specification document for the cut-down version. That said, in case we'd happen to want to include SkinnyCat but not TwoCats in the PHC portfolio, I'm not sure how we'd approach that if it's not submitted separately. I guess we'd ask you to package it separately at that time. What do others think? Alexander
Powered by blists - more mailing lists