lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Mar 2015 14:08:41 +0100 From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> To: discussions@...sword-hashing.net Subject: pre-hashed passwords? (After reading this nice post about passwords including null bytes: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html) Has anyone already seen password hashes "pre-hashing" a password, to handle length limitations? Things like password_hash(hash('sha256', $password, true), PASSWORD_DEFAULT) password_hash(hash_hmac('sha256', $password, $key, true), PASSWORD_DEFAULT)
Powered by blists - more mailing lists