lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <552D1396.1060809@Oracle.COM> Date: Tue, 14 Apr 2015 14:18:14 +0100 From: Darren J Moffat <Darren.Moffat@...cle.COM> To: discussions@...sword-hashing.net Subject: Re: [PHC] winner selection On 04/13/15 22:13, Marsh Ray wrote: > PHC is our best opportunity to fix this! We want the search results > filled up instead with*good* advice for the general case instead of > bad. We want all those bloggers to go back and blog "PHC has selected > a winner and it is ...". There is also an potential interoperability angle (if the password hash "database" is used by multiple consumers or needs to be migrated without forcing users to change their cleartext. Choices in which to use don't always help with that. > So I want one winner that's a drop-in upgrade for the vast majority > of the uses of Bcrypt/Scrypt/PBKDF2/SHA-1/MD5/crypt(3) out there > today. Agreed. Though personally I don't mind too much if we end up with different algorithms for the PDKDF2 (key derivation) replacement use cases versus "password hash" use cases. -- Darren J Moffat
Powered by blists - more mailing lists