lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 May 2014 18:01:49 +0200
From: Christian Forler <>
Subject: Catena v1.1


First of all, I want to thank Ben Harris. He found two (minor)
miss-matches between the Catena reference implementation and the Catena
PHC-specification. Great job.

There is a tiny error in the lambda-BRH Algorithm of the
PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input
parameters for the hash function H are swapped it should be
H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}).

The same observation holds for Algorithm 3.

The tweak of the reference implementation starts with 0xFF the tweak in
the PHC documentation does not.

We fixed both issues. Now, the updated and attached document should
match the reference implementation (

For the protocol: I want to point out that none of this miss-matches
have any impact on the security of Catena.

BTW. Is it possible to replace the referred PDF, containing the obsolete
specification of Catena, with the current specification of Catena
(catena-v1.1.pdf) at

Best regards,

Download attachment "catena-v1.1.pdf" of type "application/download" (491416 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (535 bytes)

Powered by blists - more mailing lists