| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAN5JNV03qcS_qsASY41HhrJS+dbk07+OfKYcPLhNemjxK9CePA@mail.gmail.com>
Date: Mon, 25 Aug 2014 11:27:04 -0400
From: Bo Zhu <bo.zhu@...terloo.ca>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Pleco and Plectron - two provably secure password hashing algorithms
Hi all,
Here are two provably secure password hashing algorithms we designed.
You can get our draft paper and reference source code at
- https://about.bozhu.me/paper/pleco-plectron.pdf
- https://github.com/bozhu/Pleco
About the name:
Pleco or Plecostomus is a kind of catfishes that is very popular among
aquarists, as Pleco fishes help keeping water clean. The word Plecostomus
itself means folded mouth.
Some features of our password hashing algorithms:
- Alternatively apply Keccak and Rabin to intermediate states, in order
to provide
- provable security of both one-wayness and collision resistance (of
the internal hash function and overall designs)
- the composition of asymmetric and symmetric components that often
makes the cryptanalysis much harder (analogous to ARX ciphers and IDEA
cipher).
- Employ ROMix (without BlockMix) to provide sequential memory-hardness.
- Can use unfactored Mersenne composite numbers rather than RSA moduli
in Rabin in order to
- speed up internal time-consuming steps
- use the password hashing algorithms in cryptocurrencies for
proof-of-work/space.
- Tune memory and time usage via cost parameters.
Any feedback is welcome.
Thanks.
Best regards,
Bo
Content of type "text/html" skipped
Powered by blists - more mailing lists