lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 01 Sep 2014 16:25:54 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: A review per day - PolyPassHash

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PolyPassHash is a very cool idea.  To authenticate any password, you
have to prove you know at least N correct user/password combinations.
 Once you've done this, you can authenticate passwords as they come in.

This falls into the "other" category.  It might be a useful bolt-on
for an authentication server along with a decent password hashing
scheme.  I am really glad the author submitted it so we could all
enjoy reading about the algorithm.

However, I feel it is far enough removed from being a password hashing
scheme that it doesn't belong among the eventual "winners".  If we can
give it an honorable mention, that would be fine :-)

Since this is the place where I list my gripes, I will mention that I
had to do a lot more debugging work to get PolyPassHash working than
the others.  However, it's no big deal.

I think that's all I really have to say about PolyPassHash, other than
to thank the author for the cool paper.  Thanks!

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUBNZOAAoJEAcQZQdOpZUZweoQAJfeJJKPiRhp9cjtuvAB0kRR
5zvXKaRcuremeHj4MfYTWtRLeYdmFsMDyb841cAvaJfLi5GF5UhoIUi8btds8RWG
zbUMhmJAcqcmmoDfa4icaErN3Xvk8aJCXhzgyjycon6qmGjqfCzoVFqMUBjpzNUH
XzKVUtHr6UpamLszW2rzGtZ/Dft6IhZwwnQq7CDzaUZlVJL+wd9DSn1vBkcNXBp6
WDvxdNVHRhTJnpjCbzNLFgUTZDMelixZJxYeZFxF9WVhUqV8fwJGKeYd6i65WVo+
LWW5MIzYRvLMZLCKeiD3fpqRqwLqfwSrYjdloE2+FJsBRoAJ1OfMuFVZykhhEJ2E
oHWX6E3tq/BrtRc+TSvvzMKifMLf2P7lEtiMKTKIZWMQvVNXRtbdss66S/K0JI4U
cr/IG10jXPqzIH1PBAxTE9YEOn6x4NZQhwv7G6jLzQw/HWP9vpTKMCv/kDi2moYN
Q77rgpg3hwmUsVpJw+0BVfeecXBhssJD0v01JKrvoqI6XXJV8KdHONLBInWphZKf
AaVDg5PnIB8JGrE2OqwjsIJMLGXpS5a/A1MBM1JFr5hRZvl9o5SYlnlPDRf1wErd
p4sckEpncn2d7iZRloEcbt3bImHNcirATvMKgo+4fJDfbg7qHkVjahWFHx7KDzAF
6XJ6qWgB3HhtYQvIMSZB
=wFiL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists