lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Dec 2014 21:49:45 +0100
From: Krisztián Pintér <>
Subject: Re: [PHC] PHC finalists announcement

Marsh Ray (at Wednesday, December 10, 2014, 12:21:41 AM):

> Read the Bcrypt paper if you haven't already. It's a great paper
> about a great password hashing scheme.

> But observe the ambiguity it leaves for implementers wishing to
> make a bug-free and compatible implementation.

> Observe the lack of a portable reference implementation.

> Observe the lack of a diverse set of test vectors.

you know, these are pretty good points. i personally don't like
bcrypt, but it is undoubtedly delivers what it promises. and also you
can find a lot of applications and a lot of love for it. i myself
implemented it, and i've never read the original paper. i used the
openbsd source and 3rd party implementations. for all i care, the
original paper could be in chinese. i was able to implement keccak
based on the papers, but only after a lot of trial and error. yet,
keccak was selected anyway, for the soundness of the *algorithm*.

Powered by blists - more mailing lists