[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54031F4C.1050605@ciphershed.org>
Date: Sun, 31 Aug 2014 09:12:44 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] An additional PHS API to include a string?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/31/2014 07:55 AM, Krisztián Pintér wrote:
>
>
> Bill Cox (at Sunday, August 31, 2014, 1:31:22 PM):
>
>> The Microsoft presentation made a good point that stuck with me:
>> users hate dealing with all these different parameters like
>> m_cost and t_cost, and they'll just stick with password and salt
>> if we can't simplify storing hashes in a database.
>
> converting the result hash, and optionally any parametrization, to
> a string is perpendicular to password hashing. it can be added
> later, it is straightforward, it is independent of the actual
> algorithm, and it can be supplied as a helper function to the core
> hash function. my conclusion is: we should not discuss it, it is a
> waste of time.
>
> side note: does anyone know why bcrypt packs only 23 bytes of the
> 24 byte hash into the string representation?
- From a valuable Solar Designer comment in his implementation of
bcrypt, it appears to be a bug in the original bcrpyt, which all new
versions have to implement faithfully.
Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUAx9JAAoJEAcQZQdOpZUZ3N4QAIC4zgEhyzGWAvPuMSCl4q6D
9sHVwWFSSSoE4DmOLba42kg57d/pH7r/0l9unGYk0oTMrjNga51pH3YQdbM3QQtA
YGqbA6hCOLSPlc3Ru2Mlr2MQfiBpveZ9Qkqp7UqQIaCoeS5sgtsS8CfmKRTmtwTr
Soh2gsAHaItwyrk0tNJhMUgBm241haWkbpqvPm5jIb8mUq2H0nsVUgylB0m5/9gk
4J8F/QZojamNHHxA5mvDqEH6c0u2t31uoMx4McFXN9f5IOejAhwgv/FvCBFjsBs4
0SrDqR6j2LYd2tkxgUAL4YB3+P4PVyypx1e/w/4bs89AayiWLkaZTsEqD76+jj3J
qGNIU8XQ6BNVo5I8pt75ocH1UND0NtP3bbHWFZsXihNznE49uJJnj9AW4+jv97hH
3o1VJHD+20FlORUPXYLXoV3a+WKurImIVwga3i7wWRFfrMBU4FO/0xFtlHfqQh2g
uZvX7tyGy/H6izIcqOlMbHNiQya/aI0vHsRKBbyH3jkiIH7UJH9iYyHKMp5x7Qg4
9Ge6WkYyKd9v5sAo87UMsuiowEcR/KOV8e+j2age+HS86KzVwnNl+hwBhLyvU2xO
V8j6LRcDc59Dpo8eYzB6jHlRQjISQehVOaXjbkNJDqj2RkHj5R4GhxYR19aERkU7
Hu6sfQE03rg0S36hG0tQ
=1aHo
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists