lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGiyFdenP9tB=A_q7WgQoPZAHLf0Ya8XUY97H_+n_xQceA60nw@mail.gmail.com> Date: Fri, 16 May 2014 09:46:13 +0200 From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Catena v1.1 Christian, if the only change is the specs, I will revise the submission by replacing the old PDF with the new one, and updating from v0 to v1 on https://password-hashing.net/candidates.html. Best, JP On Thu, May 15, 2014 at 6:01 PM, Christian Forler <christian.forler@...-weimar.de> wrote: > Hi, > > First of all, I want to thank Ben Harris. He found two (minor) > miss-matches between the Catena reference implementation and the Catena > PHC-specification. Great job. > > 1. > There is a tiny error in the lambda-BRH Algorithm of the > PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input > parameters for the hash function H are swapped it should be > H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}). > > The same observation holds for Algorithm 3. > > 2. > The tweak of the reference implementation starts with 0xFF the tweak in > the PHC documentation does not. > > > We fixed both issues. Now, the updated and attached document should > match the reference implementation (https://github.com/cforler/catena). > > For the protocol: I want to point out that none of this miss-matches > have any impact on the security of Catena. > > > BTW. Is it possible to replace the referred PDF, containing the obsolete > specification of Catena, with the current specification of Catena > (catena-v1.1.pdf) at https://password-hashing.net/candidates.html? > > > Best regards, > Christian
Powered by blists - more mailing lists