lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150210150045.GA6946@openwall.com>
Date: Tue, 10 Feb 2015 18:00:45 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC status report

On Tue, Feb 10, 2015 at 12:04:08PM +0100, Kriszti??n Pint??r wrote:
> On Tue, Feb 10, 2015 at 11:37 AM, Jean-Philippe Aumasson
> <jeanphilippe.aumasson@...il.com> wrote:
> 
> > Each panel member was
> > requested to list his/her favorite and least favorite submissions
> 
> i think this voting should be public.

I think publishing the upvote and downvote counts in here would in fact
be a good idea.  I think we shouldn't publish them on the website (which
is "more official"), because we used the voting as a tool to focus
further discussion rather than to definitively choose the finalists.

As (I think) it's been mentioned before, panel members who had their own
submissions did not vote.  But they did participate in discussions on
other submissions.

> not that i agree with this method.

I guess you'd prefer some scoring system?  It wouldn't work.  Opinions
varied on what properties would be best to have vs. to avoid, so we
couldn't possibly have arrived at a common scoring system.

I think the "non-binding" voting followed by a discussion worked well,
as compared to other approaches we could have tried to use.

> > To let members speak freely about submissions,
> > both positively and negatively, these discussions were not made
> > public.
> 
> this discussion should also be summarized, anonimized, and made public.

That's significant effort that's unlikely to address your concerns.

That said, if/after we publish the voting results, I think it would in
fact be beneficial to also explain the reasons why the final selection
differs from the "top 9" per voting slightly.  It's about diversity, but
we'd need to be more specific.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ