lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 23 Mar 2014 22:46:41 -0400
From: Bill Cox <>
Subject: Re: [PHC] On Delegation (Was: "Why I Don't Recommend Scrypt")

On Sat, Mar 22, 2014 at 7:31 PM, Solar Designer <> wrote:
> Being on the panel for PHC, I am aware that you made this submission
> (thank you!), but I did not look at it closely yet because (1) I didn't
> have time for that yet, and (2) you didn't make it public yet, which
> might be deliberate, so I didn't want to be "exposed" to it yet (given
> my plans to possibly make a PHC submission too).  So I was unaware of
> what features it had.

I got a bad feeling when I read "given my plans to *possibly* make a
PHC submission too".  Somebody's got to build the tools geeks like me
will use when we get the itch to write security software.  I like to
think that after making all the fixes and upgrades to TwoCats that
mostly were your suggestions, it might compete with Escript, but the
reality is it likely will fall early in cryptanalyst review.  The
world needs a nice simple password hashing function that can easily be
ported, and Escript may not be that simple function, but we need a
secure password hashing library even more.  OpenSSL is a library, not
a hashing function, yet it provides far more benefits than any single
hashing or encryption scheme I can think of.  Escript should be part
of that library.  You will seriously piss off my two cats if you do
not carry through with Escrypt.  Can I start calling it Pwxtrans now?
I like that better.


Powered by blists - more mailing lists