lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Aug 2015 15:22:56 +0200
From: Krisztián Pintér <>
To: "" <>
Subject: Re: [PHC] Argon2 improvement thread

On Fri, Aug 14, 2015 at 1:38 PM, Thomas Pornin <> wrote:
> incurs the risk of seeing the job botched by people who are
> not fully aware of what a salt could be.

i don't think that people without understanding what a salt is can
develop secure code, no matter what interface you are providing.
making it clear that the algorithm needs a salt, for example having a
dedicated parameter named "salt" sounds like a good idea, and is
followed by most (all?) candidates. if a programmer sees a salt
parameter, and does not put a proper salt in it, we are really out of
meaningful options. unless you want to include generating random salts

> is not that bcrypt users have understood what the salt is for; rather,
> it is because the bcrypt implementations already encode the parameters
> and salts into a single aggregate string,

coding the salt into the final hash does not ensure anything. users
can still reuse salts, etc.

> however I think it is important that such
> a wrapper be made "standard" by publishing it with the function

i don't see the argument for packing the two together. usage modes
usually will be handled in libraries. cross-platform compatibility
will be handled in dedicated encoding RFCs and such.

i understand the urge to control everything in fear of errors. but
this urge should be dialed back, as it is counterproductive most of
the time.

Powered by blists - more mailing lists