Message-ID: <CAGiyFdenP9tB=A_q7WgQoPZAHLf0Ya8XUY97H_+n_xQceA60nw@mail.gmail.com>
Date: Fri, 16 May 2014 09:46:13 +0200
From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Catena v1.1

Christian,

if the only change is the specs, I will revise the submission by
replacing the old PDF with the new one, and updating from v0 to v1 on
https://password-hashing.net/candidates.html.

Best,

JP

On Thu, May 15, 2014 at 6:01 PM, Christian Forler
<christian.forler@...-weimar.de> wrote:
> Hi,
>
> First of all, I want to thank Ben Harris. He found two (minor)
> miss-matches between the Catena reference implementation and the Catena
> PHC-specification. Great job.
>
> 1.
> There is a tiny error in the lambda-BRH Algorithm of the
> PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input
> parameters for the hash function H are swapped it should be
> H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}).
>
> The same observation holds for Algorithm 3.
>
> 2.
> The tweak of the reference implementation starts with 0xFF the tweak in
> the PHC documentation does not.
>
>
> We fixed both issues. Now, the updated and attached document should
> match the reference implementation (https://github.com/cforler/catena).
>
> For the protocol: I want to point out that none of this miss-matches
> have any impact on the security of Catena.
>
>
> BTW. Is it possible to replace the referred PDF, containing the obsolete
> specification of Catena, with the current specification of Catena
> (catena-v1.1.pdf) at https://password-hashing.net/candidates.html?
>
>
> Best regards,
> Christian

Powered by blists - more mailing lists