lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 02 Sep 2014 20:22:52 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: A review per day - you can opt out

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think it is hard for me to deal with real people in any sort of
understanding way about their code in a review of candidates.  I would
prefer not to deal with entries where I might easily offend the
author, given that I tend to be more offensive than most people.

So, please feel free to send me a note publicly or privately if you
would prefer that I not review the code in your submission, either
with a reason or without one.  I wont even state why I'm skipping an
entry.

In case your code is not meant to be a solid framework for a
production ready password hashing scheme, that is a good excuse.  If
your entry is more of a proof of concept, that is a good excuse.  If
you feel your paper and concept are solid, but the code is not yet
ready for prime-time, that is a good excuse.  I'm really just poking
at the code, and mostly looking for security flaws, though I'm trying
to also say what I like about each scheme.

However, if you consider your code ready and up to the challenge of a
big dork like me attacking it, I look forward to the review!  I need
practice finding weaknesses in code anyway, since I've signed up for
the Security Team at CipherShed, to help insure their code is
back-door free.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUBl9ZAAoJEAcQZQdOpZUZAHQQAKVwgL/bQqHu6L5ZDesoE9W4
/0Oc87slWZHtyDbNwXjP2mqIk8k6EYW1lzd4iGcITynTAdB0EbgcGD0TXtEIxFwp
ibspzmFtiJDFJuigcrsu+dxFkGJrdUhsBS3p6E9lDoLAKe85xMBGRIRFWd9lGXkZ
9FjZdQ4KidErDXB0UHlp/MA1BxDtsiBgA70tyficf/c4KY00P4nx2qPbbb0yDkdc
KRGr9w8atFgfzpN50U9F5dDf7T/S+nHBeQhZGHXRSoKOpi+JApr9X1+vFvzyENrs
pAYdErTqQjAlsMLGevbhmKZ72G0+ZkjuLpu7OK38VrGjeJCVIBkGWQA2ohPzP4LB
2XggWnna2VWY2rYURObLOIkg6cAnrF5ySAXKz/F32eHZtK1BCKxC1yoCAK2FKClB
JlKwGoZ1acSmq/uf9tIpECX8jmB7dca4URXfiytYO+NyeVys4nzDJNr+6Hp7+rQL
ZnM6GM9p0uoEjy44oHoi4e5xxmQwvci8QblN6knrRqNdJLfnpVxWedoyHiCWgXtA
NVRx+ONoIoqx1w++fJZ9MpaYCBZezw9rTPS8E6wTvZc3NI2JtX6LItuybjPWbwQW
IZsoQe77Nzb3CYJdwCUQqeRqr3YLFfGDKfcu/jak2FoPeNzZtanMeNv8ZHh0d/8w
BG3O/Qlxqs4Zp31CGeAN
=i6zB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists