lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+hr98GFGoXg8uF5c33EzGboeqvww-4+Z3ozV9jgY-UV4_7G+w@mail.gmail.com> Date: Fri, 24 Apr 2015 10:25:45 +0200 From: Krisztián Pintér <pinterkr@...il.com> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] (not) protecting password length from side-channels (Re: [PHC] Argon2 modulo division) On Fri, Apr 24, 2015 at 1:38 AM, Bill Cox <waywardgeek@...il.com> wrote: > If you compute H(salt || domain || password) when > talking to a remote URL, and send an ASCII hash digest instead of a > password, you gain a lot of protection, regardless of what hashing algorithm > the remote server uses. it is a very good client side password management option, but you need a costly H to be secure. developing such a H is our task here :)
Powered by blists - more mailing lists