lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 22 May 2016 18:17:11 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Verbify "password hash"

On Sun, May 22, 2016 at 6:10 PM, Maarten Bodewes
<maarten.bodewes@...il.com> wrote:
> Hi Scott,
>
> "Perform password hashing" (yes, that's sidestepping the issue), or
> otherwise "perform password based key derivation" (PBKDF2 is password based
> key derivation function #2, and PBKDF can be thought of as a generic name
> for a function performing password hashing).
>
> I don't like key stretching.
>
> First of all, a Key Based KDF such as HKDF can also perform key stretching.
> Second, key stretching is a function that's part of the password hashing -
> it's not identical to it. HKDF for instance consists of two parts:
> HKDF-Extract and HKDF-Expand. The key stretching would be (part of)
> HKDF-Expand.
> And finally, most people would not put a connection between key stretching
> and password hashing.
>
> "Phash" is probably the best shorthand. But I'm not sure that there is a
> need for one, nor that it will get any traction.
>
> Regards,
> Maarten
>
> 2016-05-22 23:48 GMT+02:00 Scott Arciszewski <scott@...agonie.com>:
>>
>> On Sun, May 22, 2016 at 5:27 PM, Krisztián Pintér <pinterkr@...il.com>
>> wrote:
>> >
>> > Scott Arciszewski (at Sunday, May 22, 2016, 11:17:28 PM):
>> >>       * Password hash functions
>> >>         * ?????
>> >
>> >>     Don't encrypt passwords. Don't hash passwords. Instead, ______
>> >> passwords.
>> >
>> >
>> > i think this came up earlier. my take: stretch. pbkdf is also good,
>> > but long, and not accurate, as we don't always derive a key, we might
>> > derive a verifier.
>> >
>>
>> I like "stretch" as well. Especially since the phrase "key stretching"
>> is already used in this context, i.e.
>> https://en.wikipedia.org/wiki/Key_stretching
>>
>> Scott Arciszewski
>> Chief Development Officer
>> Paragon Initiative Enterprises <https://paragonie.com>
>
>

Hi Maarten,

> But I'm not sure that there is a need for one,

Compare the two statements:

    Don't encrypt passwords, hash them. But not with a general-purpose
cryptographic hash function; you need to use a hash function
specifically designed to perform the slow, salted hashing of a
password. This means don't use something like AES or SHA256, but do
use Argon2i.

-----

    Don't encrypt or hash passwords, phash them. For example: Argon2i.

I find myself repeating the same footnotes every time I try to correct
an article or press release about "we encrypt our users' passwords".
My meta-argument is that using the same verb to mean several different
actions is ambiguous and causes confusion for neophytes and opting for
a different verb for every context avoids that problem.

The need for it might not seem widespread, but I'm reasonably sure
that adopting this approach will lead to better user understanding
(i.e. not calling literally everything you can do in cryptography
"encryption").

> nor that it will get any traction.

We won't know unless we try. :)

Regards,

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https;//paragonie.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ