lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 12 Apr 2014 11:38:30 -0400
From: Bo Zhu <bo.zhu@...terloo.ca>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: Withdrawal of the PHC submission Catfish

Hi Krisztián,

We don't like what's going on either.
Although we may not be able to talk about the matter in public, you can be
assured that this outcome isn't what we, the four designers of Catfish,
wanted or anticipated. Personally I was extremely astonished and
disappointed.
We are trying to not make the situation worse, so please understand us.

Anyone who read our design would understand Catfish relies solely on public
crypto knowledge, and we were indeed proposing our design as a royalty free
basis. However, deleting these files was forced out of our choice.
I guess you are right that it is only possible to remove the PDF files and
source code that are under our control.

One more thing is that, we will still continue to contribute to this
community.
Some of us have been working on a second version of password hashing
algorithm, which should have better security proofs and efficiencies than
Catfish.
A paper may be written on the new design, and will be put in public as soon
as it's ready.

Thank everyone for understanding.
Good luck to all candidates in the competition.

Best regards,
Bo


On Saturday, April 12, 2014, Krisztián Pintér <pinterkr@...il.com> wrote:

>
> Bo Zhu (at Saturday, April 12, 2014, 2:29:12 PM):
>
> >Due to certain unanticipated administration issues, we regret to
> >tell that we have to withdraw our design Catfish from the password
> >hashing competition.
>
> i'm not entirely sure that you can do that though. you can certainly
> ask the panel to exclude your proposal from the final set. but
> otherwise, your algorithm is now out there and available for everyone,
> due to your statement in the pdf:
>
> > The scheme is and will remain available worldwide on a royalty free
> > basis
>
> maybe except if you did not have ownership of the algorithm in the
> first place?
>
> anyway, i don't know what's going on, but i'm already not liking it.
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists