Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 3 Oct 2012 18:07:49 +0400
From: Solar Designer <solar@...nwall.com>
To: musl@...ts.openwall.com
Subject: Re: crypt() non-DES support

This is offtopic for the musl list, but on topic for the crypt-dev list,
also hosted by Openwall.  Anyhow, I'd rather not spend much time
discussing SHA-3 before having played with it for real.

On Wed, Oct 03, 2012 at 04:01:35PM +0200, Szabolcs Nagy wrote:
> tl;dr: don't use sha3 for passwd hash

At a high level, I fully agree.  If someone simply puts SHA-3 in a loop,
the result won't be great.

But there's more to it: hardware implementations of password hashing are
possible (I mean "defensive" ones), and parallelized implementations of
SHA-3 (multiple inputs/outputs at once) in software might actually be
very fast (so one of them can be used as a primitive for a password
hashing method, just like I was thinking of building a password hashing
method on top of bitslice DES in ~1998 - easily scalable to any SIMD
vector width).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.