Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Jan 2013 15:53:43 -0600
From: Patrick Mylund Nielsen <cryptography@...rickmylund.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: password hashing competition?

I like this idea very much. It is definitely a topic that is mostly ignored
by academics, but sorely needed by industry.


On Mon, Jan 7, 2013 at 2:53 PM, Jean-Philippe Aumasson <
jeanphilippe.aumasson@...il.com> wrote:

> Hello crypt-dev,
>
> this is a follow-up to
> https://twitter.com/aumasson/status/288289065311293440
> and in particular to Solar Designer's suggestion to join this list
> (thanks!).
>
> As I'm new to the list, let me briefly introduce myself: I've done
> some research in cryptanalysis and (co-)designed the SHA3 finalist
> BLAKE, and more recently SipHash and BLAKE2 (more on
> https://131002.net/ and https://blake2.net).
>
> So what about this (naive?) idea of a competition? Well we've already
> had block ciphers (AES), stream ciphers (eSTREAM), hash functions
> (SHA-3), and very soon authenticated ciphers (TBD). Although I'm far
> from an expert when it comes to password hashing schemes, my feeling
> is that it's the most understudied cryptographic object, and at the
> same time the most needed today. There's just been only a handful of
> proposals, it's mostly ignored by academic research, and a number of
> people seems to have promising idea to do better. Perfect context for
> starting a new competition!
>
> "But we already have scrypt!": well, IMHO scrypt was quite a
> revolutionary design, but I tend to see it rather as a first step in
> the right direction rather than as the end of the road.
>
> Obviously organizing such a competition---or however we call
> it---creates a number of challenges: who decides of the winner(s), how
> should the call for submissions look like, what's the right time
> frame, etc. But these issues can be solved as long as there's a
> critical mass of commited people.
>
> Is this a silly idea?
>
>
> JP
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ