lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Apr 2015 21:13:48 +0000
From: Marsh Ray <maray@...rosoft.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] winner selection

From: Jim Manico [mailto:jim@...ico.net] 
>
> Why only have one winner? Why not choose several winners with various trade-offs based on need?

Here's my 2c on that, which I sent to the -panel list a minute ago:

The vast majority of developers want a function they can call with a plaintext password string and retrieve a base64 string they can keep in the database such that when their database invariably gets pwned, they will be able to say "yes we were storing our password credentials according to accepted industry standard best practices, specifically PHCWINNER<X, Y, Z>". And not only do they want to be able to *say* that, they do want it to be as genuinely secure as is practical within their hardware constraints.

Check out this blog post: http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html Here's a discussion about it https://news.ycombinator.com/item?id=3724560 that also comes up in search results. I'm not reading it closely enough to pass judgement. But I'm sure we could find other blog posts that say the exact opposite, and the discussion goes on and on. Today developers read some random subset of this advice, come away confused, and often choose poorly.

PHC is our best opportunity to fix this! We want the search results filled up instead with *good* advice for the general case instead of bad. We want all those bloggers to go back and blog "PHC has selected a winner and it is ...".

So I want one winner that's a drop-in upgrade for the vast majority of the uses of Bcrypt/Scrypt/PBKDF2/SHA-1/MD5/crypt(3) out there today.

I don't mind if we endorse other functions for special cases, as long as we are abundantly clear that they are endorsed only when used for their special semantics and are not to be considered alternative recommendations for the general case.

- Marsh

Powered by blists - more mailing lists