[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87wpw32u5n.fsf@latte.josefsson.org>
Date: Sun, 06 Sep 2015 22:02:28 +0200
From: Simon Josefsson <simon@...efsson.org>
To: Thomas Pornin <pornin@...et.org>
Cc: discussions@...sword-hashing.net
Subject: Re: Interest in specification of modular crypt format
Thomas Pornin <pornin@...et.org> writes:
> On Sun, Sep 06, 2015 at 05:20:10PM +0100, Hugo Landau wrote:
>> Now that a winner has been announced, I wondered if the PHC has any
>> interest in specifying a modular crypt format to supplement the final
>> specification for Argon2?
>
> My opinion is that such a specification should really exist, and,
> preferably, be included right into the "official specification" (maybe
> as an appendix) and into the reference implementation(s) as well.
> Lack of a definite, standard format indeed always leads to a plethora
> of incompatible formats that cause severe headaches down the line
> (e.g. when switching implementations but reusing an existing database
> of hashed passwords).
>
> If the Argon2 authors do not have time for that, I can contribute the
> specification and code if needed (I have not written anything to that
> effect yet for Argon2, but I did for Makwa, so I believe I can do that
> job properly).
I worked on this for scrypt, see
https://gitlab.com/jas/scrypt-unix-crypt/blob/master/unix-scrypt.txt
and I am interested in working on this for Argon2 too.
I don't believe it is important to include this in the official
specification. It should be fine to keep it in a separate document, and
for a disjoint, or only partially overlapping group of people, to work
on that project. I do agree that a plethora of incompatible formats is
a severe pain, but if a number of people now agree on a writeup and
starts to experiment, I believe we can get closure on something that
should be "good enough" for others to accept. That said, I'm not
opposed to including things in the official specification, if consensus
on details can be established.
/Simon
Download attachment "signature.asc" of type "application/pgp-signature" (473 bytes)
Powered by blists - more mailing lists