lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <5374E4ED.1020409@uni-weimar.de> Date: Thu, 15 May 2014 18:01:49 +0200 From: Christian Forler <christian.forler@...-weimar.de> To: discussions@...sword-hashing.net Subject: Catena v1.1 Hi, First of all, I want to thank Ben Harris. He found two (minor) miss-matches between the Catena reference implementation and the Catena PHC-specification. Great job. 1. There is a tiny error in the lambda-BRH Algorithm of the PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input parameters for the hash function H are swapped it should be H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}). The same observation holds for Algorithm 3. 2. The tweak of the reference implementation starts with 0xFF the tweak in the PHC documentation does not. We fixed both issues. Now, the updated and attached document should match the reference implementation (https://github.com/cforler/catena). For the protocol: I want to point out that none of this miss-matches have any impact on the security of Catena. BTW. Is it possible to replace the referred PDF, containing the obsolete specification of Catena, with the current specification of Catena (catena-v1.1.pdf) at https://password-hashing.net/candidates.html? Best regards, Christian Download attachment "catena-v1.1.pdf" of type "application/download" (491416 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (535 bytes)
Powered by blists - more mailing lists