Date: Sun, 22 May 2016 14:54:48 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: discussions@...sword-hashing.net, passwords@...ts.openwall.com
Subject: Verbify "password hash"

Hi all,

I frequently find myself telling people, "Don't encrypt passwords, hash them," but then I have to continue on explaining that you can't just use ANY old cryptographic hash function, you need to use one of these special password hashing functions instead.

A lot of clarity and simplicity can be gleaned from choosing a distinct verb to go along with each major class of cryptographic algorithm, even if it's an informal vernacular. This is what I've come up with so far:

* Symmetric-key cryptography
  * Symmetric-key encryption
    * encrypt
    * decrypt
  * Symmetric-key authentication
    * auth
    * validate
* Asymmetric-key cryptography
  * Asymmetric-key encryption (wherein you encrypt with $publicKey but can only decrypt with $secretKey)
    * seal
    * open
  * Asymmetric-key authentication
    * sign
    * verify
  * Key agreement
    * exchange / agree / negotiate (not sure which is easiest yet)
* Other cryptography
  * Cryptographic hash functions
    * hash
  * Password hash functions
    * ?????

I'm not the first to propose the naming issue, but my argument is a bit different: I'm fine with "password hash" as a compound noun. I'd just like to get some feedback on a verb, for telling developers with little security background:

    Don't encrypt passwords. Don't hash passwords. Instead, ______ passwords.

Some ideas that have come up in discussing this on Twitter:

* PASH (previously suggested by dchest)
* phash (my original suggestion; pronounced "fash"; short for password hash)
* pulverize
* blend
* puree
* blitz
* nuke and pave (not sure if this one was tongue-in-cheek)

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>