lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Jul 2015 11:51:57 -0700
From: Larry Bugbee <>
Subject: Re: [PHC] Password hashing as a self-overwriting Turing machine

On Jul 1, 2015, at 9:14 AM, denis bider <> wrote:

> Instead, we first use a trusted algorithm, SHA-512, to generate random data dependent on the salt and password; and then we interpret and execute that data as a self-overwriting Turing machine composed of entropy-preserving operations. The Turing machine is allowed to run for a fixed number of operations, but its memory access pattern is random (dependent on the salt), and its order of operations is random (dependent on the salt and password). The result is a cryptographic digest of the state of the Turing machine, after the specified number of operations.

I very much doubt you have a true Turing machine.  A Turing machine is theoretically able to solve all computable problems.  The output of the hashing of the salt and password will be fixed length, and "programs" of a certain fixed length can only solve a subset of all computable problems.

May I suggest a name change?

Powered by blists - more mailing lists