lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Sep 2015 14:15:45 +0200
From: Thomas Pornin <>
Subject: Re: [PHC] Specification of a modular crypt format

On Thu, Sep 17, 2015 at 10:09:31AM +0200, Krisztián Pintér wrote:
> another note: a middle ground option would be to standardize the
> string in the strict way, but not require parsers to fail if they are
> able to make sense of it, but does not conform to the rules. i.e. if a
> software produces 001, it is incorrect. but a parser might or might
> not parse 001, both are ok. if it parses, it must parse to 1
> obviously.

I like that proposal.

> i'm not aware of any usual structure for handing a list of strings to
> a function that is not ordered.

In an object-oriented implementation, the generic parser would be given
not a lost of parameters, but an associative map of parameter names to
instances that parse the specific parameter values. Languages that offer
associative maps with an easy-to-use syntax (in particular scripting
languages) tend to rely on hashtables, which do not guarantee any kind
of ordering (e.g. Perl associative arrays).

For a C implementation, where dynamic allocation is uncomfortable and
the standard library lacks anything that looks like an associative map,
such an object-oriented implementation would use an array of struct with
two fields (parameter name, and pointer to parameter-parsing function),
and that would naturally have a fixed order.

	--Thomas Pornin

Powered by blists - more mailing lists