lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Sep 2015 14:47:58 +0200
From: Dmitry Khovratovich <>
To: Jean-Philippe Aumasson <>
Cc: "" <>
Subject: Re: [PHC] Interest in specification of modular crypt format

We are definitely interested in including all necessary formats to the spec
and the reference implementation, to ease the correct use of Argon2 and
make the incorrect use more difficult, in turn.

We are ready to implement the proposed encoding standard in the code, or
help to integrate, say, Thomas' code into the reference implementation.

There must be some simple and robust API coming with the format, for example
 GenerateHash(NewPassword, UserData) -> (Digest, Salt, UserData)
 VerifyHash(Password,UserData,Digest,Salt) -> true/false


On Mon, Sep 7, 2015 at 12:39 PM, Jean-Philippe Aumasson <> wrote:

> Definitely needed. Any help welcome :-)
> @Dmitry: were you planning to add this to the A2 specs?
> On Sun 6 Sep 2015 at 20:40 Thomas Pornin <> wrote:
>> On Sun, Sep 06, 2015 at 05:20:10PM +0100, Hugo Landau wrote:
>> > Now that a winner has been announced, I wondered if the PHC has any
>> > interest in specifying a modular crypt format to supplement the final
>> > specification for Argon2?
>> My opinion is that such a specification should really exist, and,
>> preferably, be included right into the "official specification" (maybe
>> as an appendix) and into the reference implementation(s) as well.
>> Lack of a definite, standard format indeed always leads to a plethora
>> of incompatible formats that cause severe headaches down the line
>> (e.g. when switching implementations but reusing an existing database
>> of hashed passwords).
>> If the Argon2 authors do not have time for that, I can contribute the
>> specification and code if needed (I have not written anything to that
>> effect yet for Argon2, but I did for Makwa, so I believe I can do that
>> job properly).
>>         --Thomas Pornin

Best regards,
Dmitry Khovratovich

Content of type "text/html" skipped

Powered by blists - more mailing lists