lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 08:53:42 +0200
From: Krisztián Pintér <>
Subject: gambit wiki strength

this appeared on the wiki

> Simplifies password hashing with SHA3 sponge construction

which i don't fully understand, but for sure it is not precise,
because gambit doesn't use SHA3. SHA3 is in the draft, but most likely
it will contain 4 SHA variants, and 2 SHAKEs, but none of those match
the capacity/padding choice in gambit document/sample source, and none
of those allow duplexing, which is a necessity. rather, gambit shares
crypto core (keccak) with SHAs and SHAKEs. thus i would use keccak in
the cited sentence (but i still don't understand it).

Powered by blists - more mailing lists