| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5374E4ED.1020409@uni-weimar.de>
Date: Thu, 15 May 2014 18:01:49 +0200
From: Christian Forler <christian.forler@...-weimar.de>
To: discussions@...sword-hashing.net
Subject: Catena v1.1
Hi,
First of all, I want to thank Ben Harris. He found two (minor)
miss-matches between the Catena reference implementation and the Catena
PHC-specification. Great job.
1.
There is a tiny error in the lambda-BRH Algorithm of the
PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input
parameters for the hash function H are swapped it should be
H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}).
The same observation holds for Algorithm 3.
2.
The tweak of the reference implementation starts with 0xFF the tweak in
the PHC documentation does not.
We fixed both issues. Now, the updated and attached document should
match the reference implementation (https://github.com/cforler/catena).
For the protocol: I want to point out that none of this miss-matches
have any impact on the security of Catena.
BTW. Is it possible to replace the referred PDF, containing the obsolete
specification of Catena, with the current specification of Catena
(catena-v1.1.pdf) at https://password-hashing.net/candidates.html?
Best regards,
Christian
Download attachment "catena-v1.1.pdf" of type "application/download" (491416 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (535 bytes)
Powered by blists - more mailing lists