lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALiR+uPtacD4pqhG5fjgeSVdcvimDitA0+Q5z4PXTGbkrx4cJQ@mail.gmail.com> Date: Fri, 13 Mar 2015 15:14:13 +0100 From: Sascha Schmidt <sascha.schmidt@...-weimar.de> To: discussions@...sword-hashing.net Subject: Re: [PHC] Password hashing by itself is not enough 2015-03-13 5:28 GMT+01:00 Ben Harris <mail@...rr.is>: > The latest Catena paper suggests a way to do this in a reversible manner (to > preserve the client independent update). Thanks for bringing this up. We totally forgot to implement the client-independent update for keyed hashing. I just pushed a version containing it to my github. Christian will probably merge it soon.