lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CY1PR0301MB06680E9BA1E5F188C3EB535DAC1F0@CY1PR0301MB0668.namprd03.prod.outlook.com>
Date: Thu, 5 Mar 2015 21:00:46 +0000
From: Greg Zaverucha <gregz@...rosoft.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] PHC output specifics

I support having a standardization phase. Better that we do it than some standards organization. I think following the selection of a winner, a spec is written (specifying the additional details Marsh listed) and the reference implementation is updated to match.   The spec can (and should, IMO) constrain how the winning algorithm is used, fixing certain parameters or otherwise reducing the number of options.   For comparison, the AES algorithm Rijndael supported different block sizes, but the final spec fixed this parameter to 16 bytes. 

I would like this to become a well-defined phase of the PHC -- and the timeline [1] updated to reflect this. Some people might go ahead and start using the algorithm before the spec is completed, then end up with something that doesn't interoperate, but I think this is worth the risk. 

Greg

[1] https://password-hashing.net/timeline.html 

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com] 
Sent: Thursday, March 5, 2015 2:37 AM
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC output specifics

[snip] 

> If we don't define these things, other people will. Lots of other people, incompatibly, and hilarity will ensue.

Right.  We need a standardization phase.  And maybe we should combine it with winner selection.  And maybe we should make some tweaks to the finalists themselves (in coordination with the submitters, of course) as we standardize them as winners - e.g., Bill sort of suggested that we make Catena a lot faster.  We should discuss this (separately from this thread).

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ