[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <9B017731-132B-4F8F-8985-C165DC35B913@gmail.com>
Date: Wed, 1 Apr 2015 22:39:50 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>,
"crypto-competitions@...glegroups.com" <crypto-competitions@...glegroups.com>
Subject: Re: Announcing the PHC winner
This is cool!!!
> On 1 Apr 2015, at 12:18, Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> wrote:
>
> After over two years of in-depth analysis and careful deliberation, today the
> panel is pleased to announce that LM Hash has been unanimously selected as the
> winner of the PHC. To many panel members, the choice was obvious.
>
>
> Selection criteria includes the following, in no particular order:
>
> - LM Hash leverages the well-studied and proven DES block cipher.
>
> - Most users only select passwords that are 6 – 8 characters long, so LM Hash’s
> 14-character limitation is more than reasonable for the majority of use cases.
>
> - LM Hash is not case-sensitive, reducing the number of password reset requests
> and Help Desk tickets that result from users not remembering their precise
> passwords.
>
> - Most LM Hash values have already been pre-computed and made publicly
> available, reducing load on authentication servers.
>
> - LM Hash does not require the use of salt, which aligns with the American
> Heart Association’s guidelines for a low-sodium diet.
>
> - LM Hash requires little energy to compute, thereby contributing to
> environment-friendly authentication systems.
>
>
> As a Microsoft employee, Marsh Ray was the most vocal advocate for LM Hash,
> noting that Microsoft, IBM, and 3Com have had support for LM Hash since 1988.
> Alexander Peslyak added that LM Hash is the ideal PHC winner since it’s already
> well-supported in John the Ripper. Jeremi Gosney and Jens Steube were quick to
> agree, noting that LM Hash has all of the qualities they desire in a password
> hash.
>
>
> Comparing LM Hash to other PHC finalists:
>
> - Unlike LM Hash, Argon and Catena are resistant to TMTO, wasting valuable CPU
> cycles.
>
> - Battcrypt uses Blowfish, which was developed by that charlatan Bruce
> Schneier. LM Hash uses DES, which was developed by IBM and the NSA. Which do
> you trust more?
>
> - Lyra2 relies on a sponge for security, which is by definition full of holes.
> LM Hash relies on a block cipher. Blocks don’t have holes.
>
> - Pufferfish encrypts the palindrome "Drab as a fool, aloof as a bard." LM Hash
> encrypts the string “kgs!@#$%”, saving the user 24 bytes.
>
> - LM Hash is far simpler than yescrypt! It can be described in one line,
> whereas yescrypt can't even be described in one book.
>
> - Unlike Makwa, LM Hash is post-quantum!
>
> - Parallel was designed by Steve Thomas, who you can't trust to hash your
> password. LM Hash wasn't designed by Steve but by trusted Microsoft experts.
>
>
> Being the choice of foremost thought leaders in the field, LM Hash is already a
> success:
>
> - LM Hash will appear in the next Gartner Magic Quadrant for state-of-the-art
> password hashing.
>
> - Academic researchers have started applying for grants in order to investigate
> security proofs of LM Hash in the related-password model under relaxed
> misuse-resistance assumptions. Leading researchers already expect breakthrough
> indifferentiability proofs in the ideal cipher model.
>
> - A new secure messaging application will generate one-time-pad masks from user
> passwords using LM Hash, promising higher security than legacy solutions such
> as TextSecure.
>
>
>
> JP Aumasson & Jeremi Gosney, on behalf of the PHC panel
>
> --
> You received this message because you are subscribed to the Google Groups "Cryptographic competitions" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to crypto-competitions+unsubscribe@...glegroups.com.
> To post to this group, send email to crypto-competitions@...glegroups.com.
> Visit this group at http://groups.google.com/group/crypto-competitions.
> For more options, visit https://groups.google.com/d/optout.
Powered by blists - more mailing lists