lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 23 Mar 2014 16:16:52 +0100
From: Krisztián Pintér <pinterkr@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Can I have two entries?


Solar Designer (at Sunday, March 23, 2014, 4:03:55 PM):
> I think having an implementation right away is very important.  It shows
> that the algorithm actually exists.

but i'm quite sure there are other ways to convince you about it, like
a good and easy to read pseudocode.

> Test vectors could be postponed, yes, but they are relatively quick to
> produce,

they are also notoriously hard to test and debug. having a bug in a
reference implementation is ... not so good.

> Test vectors are a trivial technicality,
[...]
> Implementation is not as trivial, but is important to have right away.

see the contradiction?

> I can implement that in a weekend (in
> fact, I readily have implementations of each past revision of escrypt)

just like i did. but without checking every single corner case, down
to each and every operations on byte level, considering all the
different possible architectures, compilers and the like, i would not
call that a reference implementation, and whatever it produces, i
would not call test vectors.

Powered by blists - more mailing lists