lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 06 May 2015 10:37:04 +1200
From: Peter Gutmann <>
Subject: Re: [PHC] Argon2

<> writes:

>If the panel accepts the Argon2 tweaks, it should give the other finalists a
>decent amount of time to propose tweaks as well. Everything else would be
>extremely unfair.

For something like this, which could potentially be in use for decades (triple
DES dates back forty years and is still going strong, AES will be with us
forever), I'm perfectly happy to wait a little longer if it'll produce a
better result.  I realise that there's pressure to produce something soon,
combined with the "permanent beta" state of many computer-related designs (my
own software included :-), but for my part I'd be happy to wait a little
longer for a better design.

One current unknown is that the split for "allow tweaks" is just "now" and
"not now", we don't know whether the designers of the leading candidates can
get tweaks in in a few weeks or a few months.  Would it help to have a time
estimate by the various people involved for how long it'd take to get the
tweaks ready?

While I'm asking for input, could I get a show of hands from people who think
the leading contenders are all extremely good, and very difficult to select a
best one from?  This is something I've been struggling with for awhile, I
wonder how many others are in the same boat.


Powered by blists - more mailing lists