lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 23 Mar 2014 04:21:52 +0400
From: Solar Designer <>
Subject: Re: [PHC] Can I have two entries?

On Fri, Mar 21, 2014 at 08:37:30AM -0400, Bill Cox wrote:
> My TwoCats password hashing scheme is a lot of fun, and I am beginning
> to think it can compete with other good full-featured schemes.
> However, it's complexity is it's biggest drawback.  For guys who just
> want some simple memory hashing, and don't need all the security
> features I included TwoCats, a simple KISS memory hashing function
> might be better.

Good idea.

> Is it a problem if I make two submissions?  The second would be  a
> tiny stripped down version of TwoCats with only a memory size
> parameter.  Maybe SkinnyCat, or some such thing, though both my cats
> are on the heavy side.

It's OK to make two submissions, but the reason you give is not good
enough for that, in my opinion.  Instead of making two submissions, can
you define TwoCats and SkinnyCat such that SkinnyCat can be computed
with TwoCats?  That way, SkinnyCat will be an implementation of a subset
of the functionality of TwoCats, and it can be part of the same
submission.  Just a cut-down implementation included in the submission,
and maybe also a second specification document for the cut-down version.

That said, in case we'd happen to want to include SkinnyCat but not
TwoCats in the PHC portfolio, I'm not sure how we'd approach that if
it's not submitted separately.  I guess we'd ask you to package it
separately at that time.

What do others think?


Powered by blists - more mailing lists