| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7010715657.20141210214945@gmail.com> Date: Wed, 10 Dec 2014 21:49:45 +0100 From: Krisztián Pintér <pinterkr@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] PHC finalists announcement Marsh Ray (at Wednesday, December 10, 2014, 12:21:41 AM): > Read the Bcrypt paper if you haven't already. It's a great paper > about a great password hashing scheme. > https://www.usenix.org/legacy/events/usenix99/provos/provos.pdf > But observe the ambiguity it leaves for implementers wishing to > make a bug-free and compatible implementation. > Observe the lack of a portable reference implementation. > Observe the lack of a diverse set of test vectors. you know, these are pretty good points. i personally don't like bcrypt, but it is undoubtedly delivers what it promises. and also you can find a lot of applications and a lot of love for it. i myself implemented it, and i've never read the original paper. i used the openbsd source and 3rd party implementations. for all i care, the original paper could be in chinese. i was able to implement keccak based on the papers, but only after a lot of trial and error. yet, keccak was selected anyway, for the soundness of the *algorithm*.
Powered by blists - more mailing lists