| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOLP8p6ZaMNRoq3EJZ1x5Zy-Fs3wR1mEiZj0yQ49RKKFuJ-Oag@mail.gmail.com>
Date: Fri, 13 Mar 2015 14:43:01 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Password hashing by itself is not enough
On Fri, Mar 13, 2015 at 7:26 AM, Thomas Pornin <pornin@...et.org> wrote:
> From all of the above, I recommend the following:
>
> -- Publish a PHS "standard API" that does not include any provision for
> an additional secret key.
>
> -- Publish _another_ API, possibly even an _implementation_, that wraps
> around the previous one, and provides key-based password hashing with
> the "method 3": PHS is used to produce a 128-bit output, and that output
> is encrypted symmetrically with AES (single-block encryption).
>
> -- Write a note that states that an additional key is _possible_, and
> if one wants it then it should be done properly (as demonstrated by the
> implementation from the previous point), but cannot be recommended in
> all generality because whether it is a good idea or not depends on the
> context. Keys mean key management, an often underestimated thorny
> issue.
>
> Arguably, doing anything with such key strengthening is outside of the
> scope of PHC and may/should be left to other people.
>
>
> --Thomas Pornin
>
I 100% agree with this recommendation. Sorry for this lame "+1" post, but
it's getting buried among other comments. A second API, an implementation,
and some warnings about the difficulty and dangers of key management sound
about right to me.
Bill
Content of type "text/html" skipped
Powered by blists - more mailing lists