lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 04 Sep 2014 06:19:47 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] [SPAM?] Re: [PHC] A review per day - MCS_PHS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/04/2014 02:33 AM, Mikhail Maslennikov wrote:
> Sorry, may be you analize old version MCS_PHS? New version (ver.2)
> was upgraded 30.08.2014, as wrote JP. In ver.2 I remove do ...
> while cycle. If you have problems to find latest version, you can
> download it from http://crypto.systema.ru/PHC/MCS_PHS_v2.zip.

You're right!  I reviewed the old code.  Sorry.  The new code does is
indeed a lot easier to read.  Line 72 doesn't make it harder to read,
but I think it is more common to just let the for loop execute 0
times, so 72 could be deleted.

More importantly, if you could change the order of your variable
parameters in the Hash function, it will make life easier for users
and reviewers.  That random variable order is what made me think you
must be a mathematician (that plus the fact that you are a hashing
function enthusiast).  They never seem to agree on variable order.  We
can't even get them to use HMAC with the password and salt in a
consistent order!  That is a real pain.  Every time I review code that
calls HMAC, I have to go check which variable order they used in the
definition.

> About reducing hash degree from 64 to outlen.  I want to use one
> specific feature of MCSSHA8 hash function: if Hi(M) and Hj(M) -
> hash with length i and j for some fixed message M, so this values
> will be different as random values for any not equal i and j. One
> of possible attack on Password Hashing Scheme like PBKDF could be
> Dictionary Attack, when attacker try to build dictionary for 
> transformation hash->Hash(hash). In "standart" PBKDF it's enough to
> build dictionary only for one hash function H, but if we use
> MCS_PHS it's neccessary to buid dictionary for each of different
> Hi. About internal buffer clearning - agree with you. Now I try to
> prepare ver.3 whith this clearning. About "some oddities in the
> code" and "fearful of using it" - please, look latest version. May
> be it will be not so "fearful". About mathematician - it's true. 
> Thank you. Mikhail Maslennikov 04.09.2014, 01:18, "Bill Cox"
> <waywardgeek@...hershed.org <mailto:waywardgeek@...hershed.org>>:

I'd love to discuss more about the merits of how you are hashing, but
I wont.  This list has already had to put up with me learning the
basics of password hashing schemes.  They don't need to put up with me
learning about hashing functions.  Your new code is a lot less scary,
and with the variable order fixed, it would pass my code review.

Thanks for the reply, and sorry about reviewing the old version.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUCDzAAAoJEAcQZQdOpZUZwiQP/1l9Z8JuRg7r//axzjV7s26c
pKcH6OKBNvBFGaqPly57VpLEtgYzCxyu8o1enm4p7MB7Rm0fLRzYvXlMrx8IDDlt
GFzR33sVRNO1CK0z5VAbAo10HgHmRikPi3FOhf/3kTQAbGH5AOJfahBtWOyGFLRm
z17g2bPxKKbMgL7THxZF+GocfspwM+8Rgm3uBoumAw+hgAox30WLhBySBz+nQ2An
G9oK+OUq2AYg1NJjIXdTmQGg1XBMrHFDqQrMkyluOpQ+TfJhvhabsaAFX6UmqWdq
hm1ngeMWlm/MUD0o7uHMeRaZrs/vER+Ya4+anCxsy4MSl4AIuoO0vrhBuDdVlLrT
xuPf2XO7YOZjYNmrcVVViOJbCb9CI8A5lQWobigE/2JS+Q9+6J3WmT2HLoGeSqG7
NHVIJdo18bYSbyaq2oZSwn9CYvOo1/UUkDJPQPonypELJEuhSE1kYv3V24OOhB6M
19VeDgcQBenDQ2qJMz33Bb3RRq4XCMAtMp0eQ0/jG4XPzO/vQVlKCEbnCclXD5hb
6DmVgsX7YrJphQSZJGXLvikJOhtL0cJtvi/g4vhDnnbP/xbdMO555MAWci5PjcLk
FHnYk5aPL8pWPJDUNicXWU7SKN7Ktpg/dZ5U2aqK8SyYGatsBxtX2S1jCormt7PT
2ndW7eWruI3wS1wP/Fxd
=y2h9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists