Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Aug 2013 16:48:15 +0400
From: Solar Designer <>
Subject: Re: Parallella: bcrypt


On Fri, Aug 09, 2013 at 04:10:42PM +0200, Katja Malvoni wrote:
> On Fri, Aug 9, 2013 at 3:41 PM, Solar Designer <> wrote:
> > I think it'll be easier for you to debug this if you create a program
> > that will verify each and every computed bcrypt hash.  (As discussed
> > before, this is not what happens when we're cracking passwords.
> > Although we do use every bcrypt computation results, most failures can
> > go undetected.)
> >
> > With a 100%-verifying program, you should be able to trigger the issue
> > much more quickly and more reliably, so you'd be able to test different
> > theories as to its cause quicker too.
> OK, I'll do that.

Here's further advice on this: use $2a$00 hashes - that is, with only
one iteration of the (otherwise) most costly loop.  These are not
exactly valid bcrypt hashes (the original implementation imposes a
minimum of 04 for the cost setting), yet you may use them for quicker
testing, as well as to stress-test the host-Epiphany communication.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.