lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 May 2015 15:36:23 +0300
From: Solar Designer <solar@...nwall.com>
To: Bill Cox <waywardgeek@...il.com>
Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>,
	Meltem Sonmez Turan <meltemsturan@...il.com>
Subject: Re: [PHC] NIST standardization

On Mon, May 04, 2015 at 10:01:31PM -0700, Bill Cox wrote:
> Er.. NIST?  Do we really want them involved?

We might or might not care, but I think for some prospective users
having the PHC winner NIST-standardized would be a plus.  In fact, for
some it could be a requirement.  That's why we have SHA-crypt, and
that's why Drupal 7 switched to SHA-512 as the crypto primitive for
their revision of phpass.  In both cases, needing NIST-approved crypto
was explicitly cited as the primary reason for the change.

Do you think NIST's reputation is that bad now it'd reflect badly on the
PHC winner?  I think it's not that bad.  An algorithm coming from/via
NIST could be received badly, but one that was developed and selected by
PHC independently of NIST and is later merely standardized is fine.

Alexander

Powered by blists - more mailing lists