lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Aug 2015 06:06:01 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] Argon2 improvement thread

Krisztián Pintér <pinterkr@...il.com> writes:

>1, i propose not doing allocation within the hash function at all. memory
>should be void* parameter to a buffer to use. rationale: there are different
>ways of allocating memory. on embedded systems, there might be no heap at all,

+1.

>2, i propose taking the password and the salt in a pre-padded, fixed size
>block. rationale: it might be not straightforward how to copy the password
>from a buffer in a manner that does not leak the password length. 

Counterargument: If there's a need to do this, then the Argon implementers are
going to do a much better job than some random developer who isn't even aware
of side-channel attacks, let alone how to deal with them.

>5, the result should be a binary of the designed length. no encoding or
>parameter-prepending is necassary. rationale: it is the task of the outer
>layers. 

+1.  PKCS #7/CMS/PGP/etc already do this for you, so you don't need to encode
parameters yourself.

Peter.

Powered by blists - more mailing lists