lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Mar 2014 06:58:51 +0400
From: Solar Designer <>
Subject: escrypt rename (Re: [PHC] Scrypt can have highest time*average memory cost)


Thank you for commenting on this!

I should have announced the yescrypt name in the proper thread, to have
this followup in there too. ;-)

On Fri, Mar 28, 2014 at 10:40:06PM -0400, Bill Cox wrote:
> However, I still have gut reactions.  My dumb thought at the moment is
> that I prefer pwxform to yescript.  Pwxform can mean Parallel Wide
> Transform, but most of us will just say "password transform" in our
> heads.  Yescript

It's spelled yescrypt, not yescript.  The latter name is taken by some
unrelated website.  Not great to have this near-collision, indeed, but
even if it weren't present now, it would be later.

> in my head is pronounced "Yes-script".

Well, and escrypt would have been pronounced e-script.  And scrypt might
be pronounced script.  So what.

> I don't know why, but I prefer "password transform".

I am already using pwxform for a component in yescrypt.  I needed a
name for that component anyway, and pwxform fits nicely.  I thought of
a certain other name along the lines of "password transform" for the
whole thing, but I think it better fits as a library name
(implementation, and possibly of more than just this hashing scheme)
than as a password hashing scheme name.  It's not sufficiently specific
for the latter, whereas for a library with assorted schemes in it that
would actually be an advantage.  So I'll keep that other naming idea
reserved in case we do release such a library later.

yescrypt also includes homage/hint to scrypt, which is natural to have
as long as it's able to compute classic scrypt hashes (as well as its
native ones).

That said, I also don't like yescrypt as much as I would have liked to
like a name for this scheme.  We simply failed to arrive at a better
name in the available time.

This rename is already in place, and I am not going to spend any of the
time remaining before the deadline on another rename.


Powered by blists - more mailing lists