lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 May 2015 20:18:18 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Client-side hashing (was side-channel stuff)

On Mon, May 04, 2015 at 04:51:51PM +0200, Sascha Schmidt wrote:
> I added the missing keyed finalization to Catena. You can now use
> server relief, keyed hashing and client-independent updates together.
> You can find it on github for now,

I found commit c793a7a871ad7ce54d3f780d8e1fbe8d5c2f699e "added keyed
server relief", made by you today.  Can you explain how this differs
from what Christian Forler referred to here? -

http://thread.gmane.org/gmane.comp.security.phc/612/focus=674

"Catena supports "Keyed Password Hashing" [...] I just added the
feature."

Is this Catena_Keyed_Hashing() (available before) vs.
Catena_Keyed_Server() (added now)?

> but I'm sure that we are going to update the submission soon.

This is merely an API enhancement, not a tweak, right?

> 2015-04-25 11:57 GMT+02:00 Sascha Schmidt <sascha.schmidt@...-weimar.de>:
> > 2015-04-25 0:40 GMT+02:00 Steve Thomas <steve@...tu.com>:
> >> h = fastHash(password, salt)
> >> for u = 1 to upgrade
> >> {
> >>   h = fastHash(slowHash(h, t_cost, m_cost))
> >>   t_cost = increaseTCost(t_cost)
> >>   m_cost = increaseMCost(m_cost)
> >> }
> >> return encrypt(h, key) // HSM? :)
> > You are totally right. I don't know how I missed this. The most
> > embarrassing thing is, that this would already be possible with
> > Catena. The only thing missing is the server-side finalization with
> > encryption.
> > I hope I haven't caused any confusion with my previous mail.

Alexander

Powered by blists - more mailing lists