lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Mar 2014 02:23:17 -0700
From: Jeremi Gosney <epixoip@...dshell.nl>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish

On 3/23/2014 8:51 PM, Bill Cox wrote:
> On Sun, Mar 23, 2014 at 11:38 PM, Jeremi Gosney <epixoip@...dshell.nl> wrote:
>>> Just two unreflective ideas for Pufferfish:
>>> 1. Wouldn't it be easier to support variable output length by variable
>>> (length of) ctext in Pufferfishs encryption step instead of an extra
>>> hash? I can not see any security improvement for the hash.
>> Sure. Bcrypt uses the output of the encryption step directly, so we
>> could just as easily do that as well. But on the other hand, there's no
>> reason not to hash the output, either. Just my preference :)
> Is Jeremi suggesting that the SHA512 step be left out of the expand
> step? 

That was beloumi who suggested this, not me. But he was suggesting that
the output of the pufferfish encryption loop could be used directly,
instead of being hashed as sha512 before being written to the output
buffer. I have addressed this in my previous replies.

Jeremi

Powered by blists - more mailing lists