| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54031F4C.1050605@ciphershed.org> Date: Sun, 31 Aug 2014 09:12:44 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] An additional PHS API to include a string? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/31/2014 07:55 AM, Krisztián Pintér wrote: > > > Bill Cox (at Sunday, August 31, 2014, 1:31:22 PM): > >> The Microsoft presentation made a good point that stuck with me: >> users hate dealing with all these different parameters like >> m_cost and t_cost, and they'll just stick with password and salt >> if we can't simplify storing hashes in a database. > > converting the result hash, and optionally any parametrization, to > a string is perpendicular to password hashing. it can be added > later, it is straightforward, it is independent of the actual > algorithm, and it can be supplied as a helper function to the core > hash function. my conclusion is: we should not discuss it, it is a > waste of time. > > side note: does anyone know why bcrypt packs only 23 bytes of the > 24 byte hash into the string representation? - From a valuable Solar Designer comment in his implementation of bcrypt, it appears to be a bug in the original bcrpyt, which all new versions have to implement faithfully. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUAx9JAAoJEAcQZQdOpZUZ3N4QAIC4zgEhyzGWAvPuMSCl4q6D 9sHVwWFSSSoE4DmOLba42kg57d/pH7r/0l9unGYk0oTMrjNga51pH3YQdbM3QQtA YGqbA6hCOLSPlc3Ru2Mlr2MQfiBpveZ9Qkqp7UqQIaCoeS5sgtsS8CfmKRTmtwTr Soh2gsAHaItwyrk0tNJhMUgBm241haWkbpqvPm5jIb8mUq2H0nsVUgylB0m5/9gk 4J8F/QZojamNHHxA5mvDqEH6c0u2t31uoMx4McFXN9f5IOejAhwgv/FvCBFjsBs4 0SrDqR6j2LYd2tkxgUAL4YB3+P4PVyypx1e/w/4bs89AayiWLkaZTsEqD76+jj3J qGNIU8XQ6BNVo5I8pt75ocH1UND0NtP3bbHWFZsXihNznE49uJJnj9AW4+jv97hH 3o1VJHD+20FlORUPXYLXoV3a+WKurImIVwga3i7wWRFfrMBU4FO/0xFtlHfqQh2g uZvX7tyGy/H6izIcqOlMbHNiQya/aI0vHsRKBbyH3jkiIH7UJH9iYyHKMp5x7Qg4 9Ge6WkYyKd9v5sAo87UMsuiowEcR/KOV8e+j2age+HS86KzVwnNl+hwBhLyvU2xO V8j6LRcDc59Dpo8eYzB6jHlRQjISQehVOaXjbkNJDqj2RkHj5R4GhxYR19aERkU7 Hu6sfQE03rg0S36hG0tQ =1aHo -----END PGP SIGNATURE-----
Powered by blists - more mailing lists