lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 31 Aug 2014 09:12:44 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] An additional PHS API to include a string?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 08/31/2014 07:55 AM, Krisztián Pintér wrote:
> 
> 
> Bill Cox (at Sunday, August 31, 2014, 1:31:22 PM):
> 
>> The Microsoft presentation made a good point that stuck with me:
>> users hate dealing with all these different parameters like
>> m_cost and t_cost, and they'll just stick with password and salt
>> if we can't simplify storing hashes in a database.
> 
> converting the result hash, and optionally any parametrization, to
> a string is perpendicular to password hashing. it can be added
> later, it is straightforward, it is independent of the actual
> algorithm, and it can be supplied as a helper function to the core
> hash function. my conclusion is: we should not discuss it, it is a
> waste of time.
> 
> side note: does anyone know why bcrypt packs only 23 bytes of the
> 24 byte hash into the string representation?

- From a valuable Solar Designer comment in his implementation of
bcrypt, it appears to be a bug in the original bcrpyt, which all new
versions have to implement faithfully.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUAx9JAAoJEAcQZQdOpZUZ3N4QAIC4zgEhyzGWAvPuMSCl4q6D
9sHVwWFSSSoE4DmOLba42kg57d/pH7r/0l9unGYk0oTMrjNga51pH3YQdbM3QQtA
YGqbA6hCOLSPlc3Ru2Mlr2MQfiBpveZ9Qkqp7UqQIaCoeS5sgtsS8CfmKRTmtwTr
Soh2gsAHaItwyrk0tNJhMUgBm241haWkbpqvPm5jIb8mUq2H0nsVUgylB0m5/9gk
4J8F/QZojamNHHxA5mvDqEH6c0u2t31uoMx4McFXN9f5IOejAhwgv/FvCBFjsBs4
0SrDqR6j2LYd2tkxgUAL4YB3+P4PVyypx1e/w/4bs89AayiWLkaZTsEqD76+jj3J
qGNIU8XQ6BNVo5I8pt75ocH1UND0NtP3bbHWFZsXihNznE49uJJnj9AW4+jv97hH
3o1VJHD+20FlORUPXYLXoV3a+WKurImIVwga3i7wWRFfrMBU4FO/0xFtlHfqQh2g
uZvX7tyGy/H6izIcqOlMbHNiQya/aI0vHsRKBbyH3jkiIH7UJH9iYyHKMp5x7Qg4
9Ge6WkYyKd9v5sAo87UMsuiowEcR/KOV8e+j2age+HS86KzVwnNl+hwBhLyvU2xO
V8j6LRcDc59Dpo8eYzB6jHlRQjISQehVOaXjbkNJDqj2RkHj5R4GhxYR19aERkU7
Hu6sfQE03rg0S36hG0tQ
=1aHo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists