lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 5 Apr 2014 20:50:54 -0400
From: Bill Cox <>
Subject: Re: [PHC] Quick gripe... in case there's ever another contest

On Sat, Apr 5, 2014 at 8:12 PM, Evgeny Kapun <> wrote:
> 06.04.2014 02:47, Solar Designer wrote:
> It is important that cryptographic functions are defined to operate on
> bytes, not characters. Otherwise, the definition of such functions would
> depend on the definition of what a character is, and how they are
> represented, which could be as much as the entire Unicode standard.

I strongly agree.  Why on earth did the SCRAM guys feel they had to
include the Unicode definition in their salted challenge-response
password protocol?  I can hardly wait for Tabby PAKE, or something
similar, to lead the way forward.


Powered by blists - more mailing lists