Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <519BE0B0.8000105@mccme.ru>
Date: Wed, 22 May 2013 01:01:36 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: New algorithm names

On 2013-05-22 00:25, magnum wrote:
> On 6 May, 2013, at 23:44 , magnum<john.magnum@...hmail.com>  wrote:
>> Perhaps we should revise some (many?) labels in bleeding (like wpapsk ->  WPSPSK) first though. And re-define shared things like MD5_SSE_TYPE from just SSE_type to '"MD5 " SSE_type'. I understand MD5crypt should be like this:
>> Benchmarking: md5crypt [MD5 128/128 SSE2 intrinsics 12x]... DONE
>>
>> We should stop and think now before running around in circles: When at it, I think we should abbreviate all uses of "intrinsics" in ALGORITHM_NAME because it's too long. Do we even need an abbreviation? I think not. This is enough:
>> Benchmarking: md5crypt [MD5 128/128 SSE2 12x]... DONE
>>
>> Also, should we standardize on some abbreviation of things like PBKDF2-HMAC-SHA-256 too? Perhaps drop "HMAC" (even if it's not stricly implied by PBKDF2) and just say PBKDF2-SHA256.
>>
>> BTW, doesn't "128/128" and "4x" actually say the same thing twice? So we should drop "4x". For formats where we currently say "128/128 12x" it might be more logical with "3x128/128". Perhaps even drop the 3x and just say "128/128" even if interleaved. Just thinking out loud.
>>
>> The current
>> Benchmarking: md5crypt [128/128 SSE2 intrinsics 12x]... DONE
>> Benchmarking: lastpass, LastPass sniffed sessions PBKDF2-HMAC-SHA-256 AES [128/128 SSE2 intrinsics 4x]... DONE
>>
>> could be
>> Benchmarking: md5crypt [MD5 3x128/128 SSE2]... DONE
>> Benchmarking: LastPass, sniffed sessions [PBKDF2-SHA256 128/128 SSE2 AES]... DONE
>
> Anyone having an opinion on this? I'm not quite sure how to proceed but I'd like them to be shorter.

Just a quick note:

I completely agree with you that various name should be overhauled. For 
example, the distinction between standalone hashes and sniffed hashes is 
somewhat widespread. I think the names for sniffed variants should be 
unified. Right now we have "C/R" in netlm&co., dmd5, mschapv2*, "Network 
Authentication" in mysqlna, "sniffed sessions" in lastpass and something 
strange in mongodb. And I don't think it's a good idea to use 
unqualified names for formats for sniffed hashes. "lastpass-net", 
"net-lastpass" or something like that seems to be better for sniffed 
lastpass hashes. Then "lp" (for standalone lastpass) could be changed to 
straight "lastpass". Or it could be done the backward: rename "lastpass" 
to "netlp" or "lp-cr" and leave "lp" as it is.

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.