lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Apr 2014 05:47:36 -0400
From: Bill Cox <>
Subject: Re: [PHC] Re: Mechanical tests

On Mon, Apr 7, 2014 at 2:58 AM, Christian Forler
<> wrote:
> On 05.04.2014 17:53, Poul-Henning Kamp wrote:
>  [...]
>> I'm not defending POMELO in any way, I havn't even looked at it yet.
>> I'm just pointing out that while dieharder is a damn good too for
>> what it is designed for, it is not designed for what we're trying
>> to do here.
> A common use-case for a password hashing schemes is password based key
> derivation. Cryptographers assume that keys to be random. This
> assumption is crucial for the security of almost all cryptographic
> schemes. Therefore, (for an adversary) the output of a good password
> hashing scheme should be indistinguishable from random. Hence, dieharder
> is IMHO a valid sanity check tool.
> Best regards,
> Christian

In that case, you might be happy to know that Catena passed :-)


Powered by blists - more mailing lists