Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Jan 2013 09:27:33 +0100
From: Christian Forler <christian.forler@...-weimar.de>
To: crypt-dev@...ts.openwall.com
Subject: Re: Password Scrambling

Am 19.01.2013 00:54, schrieb
> Hi Christian,
> 
> On 01/18/13 13:13, Christian Forler wrote:
>> Anyway! In the next couple of weeks, we will write an academic paper
>> introducing a new password scrambler (key derivation function). After
>> that, I will try to supply you with an abbreviated version of our
>> extended abstract, if desired.
> 
> I'd be happy to see this.  I assume you're familiar with my work on scrypt.

Of course, I'm familiar with scrypt. You did a great job. Your idea of
using a memory-hard algorithm was beautiful.

For us scrypt was a great start, and you can bet that we will discuss
scrypt in our upcoming paper.

BTW I have two questions regarding scrypt.
1) Why using two different crypto primitives, i.e., Salsa/20 (MFcrypt)
and SHA-1 (PBKDF2), instead of one?
2) Why is PBKDF2 called twice and not once?


Nevertheless, in IMHO is scrypt superior to all other common password
scrambling algorithms like md5crypt, crypt, PBKDF1/2, bcrypt, etc.



Best regards,
Christian

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ