lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 06 Sep 2015 22:02:28 +0200
From: Simon Josefsson <simon@...efsson.org>
To: Thomas Pornin <pornin@...et.org>
Cc: discussions@...sword-hashing.net
Subject: Re: Interest in specification of modular crypt format

Thomas Pornin <pornin@...et.org> writes:

> On Sun, Sep 06, 2015 at 05:20:10PM +0100, Hugo Landau wrote:
>> Now that a winner has been announced, I wondered if the PHC has any
>> interest in specifying a modular crypt format to supplement the final
>> specification for Argon2?
>
> My opinion is that such a specification should really exist, and,
> preferably, be included right into the "official specification" (maybe
> as an appendix) and into the reference implementation(s) as well.
> Lack of a definite, standard format indeed always leads to a plethora
> of incompatible formats that cause severe headaches down the line
> (e.g. when switching implementations but reusing an existing database
> of hashed passwords).
>
> If the Argon2 authors do not have time for that, I can contribute the
> specification and code if needed (I have not written anything to that
> effect yet for Argon2, but I did for Makwa, so I believe I can do that
> job properly).

I worked on this for scrypt, see

https://gitlab.com/jas/scrypt-unix-crypt/blob/master/unix-scrypt.txt

and I am interested in working on this for Argon2 too.

I don't believe it is important to include this in the official
specification.  It should be fine to keep it in a separate document, and
for a disjoint, or only partially overlapping group of people, to work
on that project.  I do agree that a plethora of incompatible formats is
a severe pain, but if a number of people now agree on a writeup and
starts to experiment, I believe we can get closure on something that
should be "good enough" for others to accept.  That said, I'm not
opposed to including things in the official specification, if consensus
on details can be established.

/Simon

Download attachment "signature.asc" of type "application/pgp-signature" (473 bytes)

Powered by blists - more mailing lists