lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Mar 2014 01:12:32 -0700
From: Christopher Taylor <>
Subject: New password authentication protocol: Tabby PAKE

In an attempt to add to the rich discussion of password security
surrounding the PHC, I am attempting to contribute the Tabby PAKE protocol.

This protocol provides the best possible security guarantees for mutual
authentication of two parties by means of a shared secret such as a
password or PIN.  Wherever a password is used for authentication, this
scheme can provide the same strong guarantees as the well-known SRP
protocol.  The advantages are a higher security level and 100x faster
execution time.

The official writeup is here:

Software is available here:

An official submission was sent in recently to the PHC address and was

There are definitely some areas of ongoing work in the software and the
security proofs, if anyone is motivated enough by the submission to help

I am looking forward to your feedback and hope it can be a part of the

Holding breath,

Content of type "text/html" skipped

Powered by blists - more mailing lists