Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKws9z1T8bWV0BepysXojRXQicEXkEJ-K0vh4QQfqTzWgA7igg@mail.gmail.com>
Date: Sun, 22 May 2016 14:54:48 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: discussions@...sword-hashing.net, passwords@...ts.openwall.com
Subject: Verbify "password hash"

Hi all,

I frequently find myself telling people, "Don't encrypt passwords, hash
them," but then I have to continue on explaining that you can't just use
ANY old cryptographic hash function, you need to use one of these special
password hashing functions instead.

A lot of clarity and simplicity can be gleaned from choosing a distinct
verb to go along with each major class of cryptographic algorithm, even if
it's an informal vernacular.

This is what I've come up with so far:

  * Symmetric-key cryptography
    * Symmetric-key encryption
      * encrypt
  * decrypt
    * Symmetric-key authentication
   * auth
   * validate
  * Asymmetric-key cryptography
    * Asymmetric-key encryption (wherein you encrypt with
      $publicKey but can only decrypt with $secretKey)
   * seal
   * open
    * Asymmetric-key authentication
    * sign
   * verify
    * Key agreement
   * exchange / agree / negotiate
     (not sure which is easiest yet)
    * Other cryptography
   * Cryptographic hash functions
     * hash
   * Password hash functions
        * ?????

I'm not the first to propose the naming issue, but my argument is a bit
different: I'm fine with "password hash" as a compound noun. I'd just like
to get some feedback on a verb, for telling developers with little security
background:

    Don't encrypt passwords. Don't hash passwords. Instead, ______
passwords.

Some ideas that have come up in discussing this on Twitter:

  * PASH (previously suggested by dchest)
  * phash (my original suggestion; pronounced "fash"; short for password
hash)
  * pulverize
  * blend
  * puree
  * blitz
  * nuke and pave (not sure if this one was tongue-in-cheek)

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.