lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 May 2014 09:46:13 +0200
From: Jean-Philippe Aumasson <>
Subject: Re: [PHC] Catena v1.1


if the only change is the specs, I will revise the submission by
replacing the old PDF with the new one, and updating from v0 to v1 on



On Thu, May 15, 2014 at 6:01 PM, Christian Forler
<> wrote:
> Hi,
> First of all, I want to thank Ben Harris. He found two (minor)
> miss-matches between the Catena reference implementation and the Catena
> PHC-specification. Great job.
> 1.
> There is a tiny error in the lambda-BRH Algorithm of the
> PHC_Specification (Chapter 3, Algorithm 2, Line 5). The two input
> parameters for the hash function H are swapped it should be
> H(v_{2^g-1} || v_0) instead of H( v_0 || v_{2^g-1}).
> The same observation holds for Algorithm 3.
> 2.
> The tweak of the reference implementation starts with 0xFF the tweak in
> the PHC documentation does not.
> We fixed both issues. Now, the updated and attached document should
> match the reference implementation (
> For the protocol: I want to point out that none of this miss-matches
> have any impact on the security of Catena.
> BTW. Is it possible to replace the referred PDF, containing the obsolete
> specification of Catena, with the current specification of Catena
> (catena-v1.1.pdf) at
> Best regards,
> Christian

Powered by blists - more mailing lists