Message-ID: <CALW8-7Kk8qekydUsmPNN7RV3p4n_o8ZWosqU6HiVU1ezWAE=gQ@mail.gmail.com>
Date: Tue, 28 Jul 2015 13:05:56 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2d nit picks
Hi Bill,
Sorry for the late reply. Thank you for the notes.
Ad is associated data, which may contain some additional information to be
hashed together with the password (ID, credentials, etc.). I will talk more
about that in the API discussion.
On Wed, Jul 22, 2015 at 6:25 PM, Bill Cox <waywardgeek@...il.com> wrote:
>
>
> Argon should return an error code when output > MAX_OUTLEN (currently 2^32
> - 1). Currently, it fills only MAX_OUTLEN bytes, and returns success.
>
Correct.
> Similarly, return error codes for msglen, noncelen, secretlen, adlen, and
> m_cost when they are too long. What is ad?
>
Will be done.
>
> Rename msg to passwd or password. There is no way to know that msg means
> the password otherwise.
>
Shall there be a password? There can be any (low-entropy) message to be
hashed.
>
> What is ad? If it is not clear just reading the code, that's a problem.
>
Will be explained.
>
> Why is the max secret size 32? Why not be variable, like the password?
>
Is there a need for longer key lengths? It can certainly be variable.
>
> Line 321: comment is out of date. Minimum t_cost is now 1: //minimum
> t_cost =3
>
> Code should be reformatted to conform to a popular standard. For example,
> this is not cool:
>
> }
> else prev_index = BLOCK(lane, slice, i - 1);
>
The entire code will be refactored.
>
> Optimized and reference code do not clear any secret parameters, making it
> vulnerable to garbage collector attacks.
>
Will be added.
>
> Bill
>
--
Best regards,
Dmitry Khovratovich
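As an added illustration of the two behaviours discussed in this exchange (not code from the Argon2 reference implementation or from either correspondent), the C sketch below validates every length against a bound and returns an error code instead of silently truncating, and wipes secret buffers through a volatile pointer so the stores survive optimisation. The 2^32-1 output cap is the MAX_OUTLEN figure from the thread; every other limit, the `ex_` names, the parameter struct and the sample inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Limits. The 2^32-1 output cap is the MAX_OUTLEN quoted in the thread;
 * every other bound is an assumption for this example, not an Argon2 constant. */
#define EX_MIN_OUTLEN     4u
#define EX_MAX_OUTLEN     0xFFFFFFFFu
#define EX_MAX_PWDLEN     0xFFFFFFFFu
#define EX_MIN_SALTLEN    8u
#define EX_MAX_SALTLEN    0xFFFFFFFFu
#define EX_MAX_SECRETLEN  0xFFFFFFFFu   /* variable-length secret, as in the reply */
#define EX_MAX_ADLEN      0xFFFFFFFFu
#define EX_MIN_TCOST      1u

enum ex_error {
    EX_OK = 0,
    EX_OUTPUT_TOO_SHORT, EX_OUTPUT_TOO_LONG,
    EX_PWD_TOO_LONG,
    EX_SALT_TOO_SHORT, EX_SALT_TOO_LONG,
    EX_SECRET_TOO_LONG,
    EX_AD_TOO_LONG,
    EX_TCOST_TOO_SMALL,
    EX_NULL_WITH_LENGTH
};

/* Hypothetical parameter block. "pwd" is the (low-entropy) message being
 * hashed and "ad" the associated data, following the thread's terminology. */
struct ex_params {
    uint8_t       *out;    size_t outlen;
    const uint8_t *pwd;    size_t pwdlen;
    const uint8_t *salt;   size_t saltlen;
    const uint8_t *secret; size_t secretlen;
    const uint8_t *ad;     size_t adlen;
    uint32_t       t_cost;
};

/* A NULL buffer with a nonzero length is a caller bug: reject it up front.
 * An empty optional input (NULL, 0) is legitimate. */
static int ex_null_with_len(const void *p, size_t len)
{
    return p == NULL && len != 0;
}

/* Check every length against its bound and report an error code rather
 * than hashing a truncated input and returning success. */
enum ex_error ex_validate(const struct ex_params *p)
{
    if (ex_null_with_len(p->out, p->outlen) || ex_null_with_len(p->pwd, p->pwdlen) ||
        ex_null_with_len(p->salt, p->saltlen) || ex_null_with_len(p->secret, p->secretlen) ||
        ex_null_with_len(p->ad, p->adlen))
        return EX_NULL_WITH_LENGTH;
    if (p->outlen < EX_MIN_OUTLEN)                 return EX_OUTPUT_TOO_SHORT;
    if ((uint64_t)p->outlen > EX_MAX_OUTLEN)       return EX_OUTPUT_TOO_LONG;
    if ((uint64_t)p->pwdlen > EX_MAX_PWDLEN)       return EX_PWD_TOO_LONG;
    if (p->saltlen < EX_MIN_SALTLEN)               return EX_SALT_TOO_SHORT;
    if ((uint64_t)p->saltlen > EX_MAX_SALTLEN)     return EX_SALT_TOO_LONG;
    if ((uint64_t)p->secretlen > EX_MAX_SECRETLEN) return EX_SECRET_TOO_LONG;
    if ((uint64_t)p->adlen > EX_MAX_ADLEN)         return EX_AD_TOO_LONG;
    if (p->t_cost < EX_MIN_TCOST)                  return EX_TCOST_TOO_SMALL;
    return EX_OK;
}

/* Overwrite a secret through a volatile pointer so the compiler cannot drop
 * the stores as dead; a plain memset before free is routinely optimised away. */
void ex_secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *vp = (volatile uint8_t *)buf;
    while (len--) *vp++ = 0;
}

/* Returns 1 if every byte of buf is zero. */
int ex_all_zero(const uint8_t *buf, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Fill a working key buffer, wipe it, and report whether the wipe held. */
int ex_wipe_demo(void)
{
    uint8_t work[32];
    memset(work, 0xA5, sizeof work);      /* stands in for a derived secret */
    ex_secure_wipe(work, sizeof work);
    return ex_all_zero(work, sizeof work);
}

/* Constructed sample inputs for the demonstration (not real credentials). */
static const uint8_t ex_sample_pwd[]  = "correct horse battery staple";
static const uint8_t ex_sample_salt[] = "0123456789abcdef";
static uint8_t       ex_sample_out[32];

struct ex_params ex_sample_params(void)
{
    struct ex_params p;
    memset(&p, 0, sizeof p);
    p.out = ex_sample_out;  p.outlen  = sizeof ex_sample_out;
    p.pwd = ex_sample_pwd;  p.pwdlen  = sizeof ex_sample_pwd - 1;
    p.salt = ex_sample_salt; p.saltlen = sizeof ex_sample_salt - 1;
    p.t_cost = 3;
    return p;
}

int main(void)
{
    struct ex_params p = ex_sample_params();
    printf("valid params   -> %d\n", ex_validate(&p));
    p.outlen = (size_t)EX_MAX_OUTLEN + 1;
    printf("oversize out   -> %d\n", ex_validate(&p));
    printf("wipe succeeded -> %d\n", ex_wipe_demo());
    return 0;
}
```

The oversize-output case can only be constructed where `size_t` is wider than 32 bits; on a 32-bit target the wrapped length is caught by the minimum-length check instead, which is why callers should treat any nonzero return as fatal rather than matching one code.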