| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 May 2015 20:18:18 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Client-side hashing (was side-channel stuff)
On Mon, May 04, 2015 at 04:51:51PM +0200, Sascha Schmidt wrote:
> I added the missing keyed finalization to Catena. You can now use
> server relief, keyed hashing and client-independent updates together.
> You can find it on github for now,
I found commit c793a7a871ad7ce54d3f780d8e1fbe8d5c2f699e "added keyed
server relief", made by you today. Can you explain how this differs
from what Christian Forler referred to here? -
http://thread.gmane.org/gmane.comp.security.phc/612/focus=674
"Catena supports "Keyed Password Hashing" [...] I just added the
feature."
Is this Catena_Keyed_Hashing() (available before) vs.
Catena_Keyed_Server() (added now)?
> but I'm sure that we are going to update the submission soon.
This is merely an API enhancement, not a tweak, right?
> 2015-04-25 11:57 GMT+02:00 Sascha Schmidt <sascha.schmidt@...-weimar.de>:
> > 2015-04-25 0:40 GMT+02:00 Steve Thomas <steve@...tu.com>:
> >> h = fastHash(password, salt)
> >> for u = 1 to upgrade
> >> {
> >> h = fastHash(slowHash(h, t_cost, m_cost))
> >> t_cost = increaseTCost(t_cost)
> >> m_cost = increaseMCost(m_cost)
> >> }
> >> return encrypt(h, key) // HSM? :)
> > You are totally right. I don't know how I missed this. The most
> > embarrassing thing is, that this would already be possible with
> > Catena. The only thing missing is the server-side finalization with
> > encryption.
> > I hope I haven't caused any confusion with my previous mail.
Alexander
Powered by blists - more mailing lists