lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <9B017731-132B-4F8F-8985-C165DC35B913@gmail.com> Date: Wed, 1 Apr 2015 22:39:50 +0200 From: Dmitry Khovratovich <khovratovich@...il.com> To: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, "crypto-competitions@...glegroups.com" <crypto-competitions@...glegroups.com> Subject: Re: Announcing the PHC winner This is cool!!! > On 1 Apr 2015, at 12:18, Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> wrote: > > After over two years of in-depth analysis and careful deliberation, today the > panel is pleased to announce that LM Hash has been unanimously selected as the > winner of the PHC. To many panel members, the choice was obvious. > > > Selection criteria includes the following, in no particular order: > > - LM Hash leverages the well-studied and proven DES block cipher. > > - Most users only select passwords that are 6 – 8 characters long, so LM Hash’s > 14-character limitation is more than reasonable for the majority of use cases. > > - LM Hash is not case-sensitive, reducing the number of password reset requests > and Help Desk tickets that result from users not remembering their precise > passwords. > > - Most LM Hash values have already been pre-computed and made publicly > available, reducing load on authentication servers. > > - LM Hash does not require the use of salt, which aligns with the American > Heart Association’s guidelines for a low-sodium diet. > > - LM Hash requires little energy to compute, thereby contributing to > environment-friendly authentication systems. > > > As a Microsoft employee, Marsh Ray was the most vocal advocate for LM Hash, > noting that Microsoft, IBM, and 3Com have had support for LM Hash since 1988. > Alexander Peslyak added that LM Hash is the ideal PHC winner since it’s already > well-supported in John the Ripper. Jeremi Gosney and Jens Steube were quick to > agree, noting that LM Hash has all of the qualities they desire in a password > hash. > > > Comparing LM Hash to other PHC finalists: > > - Unlike LM Hash, Argon and Catena are resistant to TMTO, wasting valuable CPU > cycles. > > - Battcrypt uses Blowfish, which was developed by that charlatan Bruce > Schneier. LM Hash uses DES, which was developed by IBM and the NSA. Which do > you trust more? > > - Lyra2 relies on a sponge for security, which is by definition full of holes. > LM Hash relies on a block cipher. Blocks don’t have holes. > > - Pufferfish encrypts the palindrome "Drab as a fool, aloof as a bard." LM Hash > encrypts the string “kgs!@#$%”, saving the user 24 bytes. > > - LM Hash is far simpler than yescrypt! It can be described in one line, > whereas yescrypt can't even be described in one book. > > - Unlike Makwa, LM Hash is post-quantum! > > - Parallel was designed by Steve Thomas, who you can't trust to hash your > password. LM Hash wasn't designed by Steve but by trusted Microsoft experts. > > > Being the choice of foremost thought leaders in the field, LM Hash is already a > success: > > - LM Hash will appear in the next Gartner Magic Quadrant for state-of-the-art > password hashing. > > - Academic researchers have started applying for grants in order to investigate > security proofs of LM Hash in the related-password model under relaxed > misuse-resistance assumptions. Leading researchers already expect breakthrough > indifferentiability proofs in the ideal cipher model. > > - A new secure messaging application will generate one-time-pad masks from user > passwords using LM Hash, promising higher security than legacy solutions such > as TextSecure. > > > > JP Aumasson & Jeremi Gosney, on behalf of the PHC panel > > -- > You received this message because you are subscribed to the Google Groups "Cryptographic competitions" group. > To unsubscribe from this group and stop receiving emails from it, send an email to crypto-competitions+unsubscribe@...glegroups.com. > To post to this group, send email to crypto-competitions@...glegroups.com. > Visit this group at http://groups.google.com/group/crypto-competitions. > For more options, visit https://groups.google.com/d/optout.
Powered by blists - more mailing lists