Message-ID: <CAOLP8p6OKftzVeu4GQbykRkgEUGSUkxYhRYpn-TKx-3bOpWtbg@mail.gmail.com>
Date: Tue, 21 Jul 2015 12:44:17 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2 improvement thread

I think we should work on a standard API for interfacing to Argon2.  The
Argon2Ref interface is a bit confusing.  For example, instead of "password"
and "salt", there's "secret" and "nonce".  This may make sense to us, but
it will confuse most programmers.

The PHS interface does not have a parallelism parameter, which needs to be
added.  I also think we should pass a boolean telling Argon2 if it's OK to
scrub the password buffer passed in once the initial derived key is
computed.  We talk a lot about garbage-collection attack resistance, and
then we just leave the password sitting there in its buffer.  This is
pretty sad, IMO.

Also, have Alexander's concerns about excessive parallelism in Argon2 been
addressed?  I missed the resolution of this issue.  Would his suggested
MAXFORM (whatever that is) fix it?

Bill
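
An added example, not part of the message above and not Argon2 reference code: a C sketch of the interface change the message asks for, a PHS-style call with a parallelism parameter and a flag that allows the callee to scrub the caller's password buffer once the initial derived key exists. The name phs_ext, its parameter order and both placeholder mixing steps are assumptions; the placeholder is not a password hash and stands in for the real function only so the scrubbing contract can run.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores
 * as dead writes to a buffer that is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* PLACEHOLDER (FNV-1a), NOT a password hash. It stands in for the initial
 * derived key that the real function would compute from password and salt. */
static uint64_t placeholder_initial_key(const void *pwd, size_t pwdlen,
                                        const void *salt, size_t saltlen) {
    uint64_t h = 0xcbf29ce484222325ULL;
    const unsigned char *p = pwd;
    for (size_t i = 0; i < pwdlen; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    p = salt;
    for (size_t i = 0; i < saltlen; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Hypothetical signature. The password pointer is non-const: a scrub flag
 * cannot be honoured through the const input pointer PHS() takes. */
int phs_ext(void *out, size_t outlen, void *password, size_t pwdlen,
            const void *salt, size_t saltlen, unsigned t_cost,
            unsigned m_cost, unsigned parallelism, int scrub_password) {
    if (!out || !password || !salt || outlen == 0 || parallelism == 0)
        return -1;
    uint64_t key = placeholder_initial_key(password, pwdlen, salt, saltlen);
    /* Only the derived key is needed from here on, so the password can be
     * cleared before the long memory-hard phase rather than after it. */
    if (scrub_password)
        secure_wipe(password, pwdlen);
    (void)t_cost; (void)m_cost;   /* unused by the placeholder expansion */
    unsigned char *o = out;
    for (size_t i = 0; i < outlen; i++) {
        key ^= key >> 33;
        key *= 0xff51afd7ed558ccdULL;
        o[i] = (unsigned char)(key >> 56);
    }
    secure_wipe(&key, sizeof key);   /* the derived key is secret too */
    return 0;
}
```

The scrub flag changes only what is left in the caller's memory; the output is identical either way, so callers that still need the password afterwards pass 0.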
