lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 09:16:35 -0400
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] gambit wiki strength

Good point.  I'll update the bullet point by removing SHA3.  Would that
make it correct?  I certainly feel the sponge usage in Gambit is a
simplification and one of it's strongest points.

Bill


On Mon, Apr 14, 2014 at 2:53 AM, Krisztián Pintér <pinterkr@...il.com>wrote:

>
> this appeared on the wiki
>
> > Simplifies password hashing with SHA3 sponge construction
>
> which i don't fully understand, but for sure it is not precise,
> because gambit doesn't use SHA3. SHA3 is in the draft, but most likely
> it will contain 4 SHA variants, and 2 SHAKEs, but none of those match
> the capacity/padding choice in gambit document/sample source, and none
> of those allow duplexing, which is a necessity. rather, gambit shares
> crypto core (keccak) with SHAs and SHAKEs. thus i would use keccak in
> the cited sentence (but i still don't understand it).
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists