lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACHDeFTbA=wvWvmfgg0y6cv4h9KboGFA+ok7jsB4FQcKCfrdpw@mail.gmail.com>
Date: Mon, 31 Mar 2014 01:12:32 -0700
From: Christopher Taylor <mrcatid@...il.com>
To: discussions@...sword-hashing.net
Subject: New password authentication protocol: Tabby PAKE

In an attempt to add to the rich discussion of password security
surrounding the PHC, I am attempting to contribute the Tabby PAKE protocol.

This protocol provides the best possible security guarantees for mutual
authentication of two parties by means of a shared secret such as a
password or PIN.  Wherever a password is used for authentication, this
scheme can provide the same strong guarantees as the well-known SRP
protocol.  The advantages are a higher security level and 100x faster
execution time.

The official writeup is here:
https://github.com/catid/tabby/blob/master/docs/tabbypake.pdf?raw=true

Software is available here: http://tabbypake.com

An official submission was sent in recently to the PHC address and was
received.

There are definitely some areas of ongoing work in the software and the
security proofs, if anyone is motivated enough by the submission to help
out.

I am looking forward to your feedback and hope it can be a part of the
competition!

Holding breath,
-Chris

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ