lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Aug 2014 11:27:04 -0400
From: Bo Zhu <>
To: "" <>
Subject: Pleco and Plectron - two provably secure password hashing algorithms

Hi all,

Here are two provably secure password hashing algorithms we designed.
You can get our draft paper and reference source code at


About the name:

Pleco or Plecostomus is a kind of catfishes that is very popular among
aquarists, as Pleco fishes help keeping water clean. The word Plecostomus
itself means folded mouth.

Some features of our password hashing algorithms:

   - Alternatively apply Keccak and Rabin to intermediate states, in order
   to provide
      - provable security of both one-wayness and collision resistance (of
      the internal hash function and overall designs)
      - the composition of asymmetric and symmetric components that often
      makes the cryptanalysis much harder (analogous to ARX ciphers and IDEA
   - Employ ROMix (without BlockMix) to provide sequential memory-hardness.
   - Can use unfactored Mersenne composite numbers rather than RSA moduli
   in Rabin in order to
      - speed up internal time-consuming steps
      - use the password hashing algorithms in cryptocurrencies for
   - Tune memory and time usage via cost parameters.

Any feedback is welcome.

Best regards,

Content of type "text/html" skipped

Powered by blists - more mailing lists