lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150906183952.GA27850@bolet.org>
Date: Sun, 6 Sep 2015 20:39:52 +0200
From: Thomas Pornin <pornin@...et.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Interest in specification of modular crypt format

On Sun, Sep 06, 2015 at 05:20:10PM +0100, Hugo Landau wrote:
> Now that a winner has been announced, I wondered if the PHC has any
> interest in specifying a modular crypt format to supplement the final
> specification for Argon2?

My opinion is that such a specification should really exist, and,
preferably, be included right into the "official specification" (maybe
as an appendix) and into the reference implementation(s) as well.
Lack of a definite, standard format indeed always leads to a plethora
of incompatible formats that cause severe headaches down the line
(e.g. when switching implementations but reusing an existing database
of hashed passwords).

If the Argon2 authors do not have time for that, I can contribute the
specification and code if needed (I have not written anything to that
effect yet for Argon2, but I did for Makwa, so I believe I can do that
job properly).


	--Thomas Pornin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ