lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 22:22:19 +0200
From: Krisztián Pintér <>
Subject: Re: [PHC] Strengths

here are some thoughts what strengths might be meaningful.

1. existence of a proof for TMTO resistance, pseudorandomness,
collision/preimage/2nd preimage resistance. if there is, what kind of
proof? (standard model, random oracle model, inherited from primitive

2. granularity and range of parameters. some candidates support only
2^n, some more fine grained. i would not consider the current
parametrization, but what the actual algorithm supports (example would
be bcrypt that takes logn as parameter, but just as well could take
n). also we need to know the limitations for parameters, especially
the interdependence (like cost_m puts lower bound on cost_t, or cost_m
increases execution time too). also how cost_t and cost_m or other
parameters affect time and memory.

3. limitations on the length of salt/pwd/output

4. claimed security level(s)

Powered by blists - more mailing lists