Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20240821161706.GA14488@openwall.com>
Date: Wed, 21 Aug 2024 18:17:06 +0200
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, yescrypt@...ts.openwall.com
Subject: yescrypt-go 1.0.0

Hi,

yescrypt is a password-based key derivation function (KDF) and password
hashing scheme.  It builds upon scrypt, and our original implementation
in C is able to compute native yescrypt hashes as well as classic scrypt.
This original implementation is also integrated in libxcrypt, which
exposes a subset of its functionality as used for password hashing on
modern Linux distros.

This is to announce the first release of yescrypt-go, which is our pure
Go reimplementation of yescrypt.  It currently supports (only a little
more than) the subset of yescrypt parameters that libxcrypt can generate
(as of libxcrypt 4.4.36), and it is also able to compute classic scrypt.

yescrypt-go is available right on the main yescrypt homepage, as well as
on GitHub as linked from there:

https://www.openwall.com/yescrypt/

This release has been sponsored by Sandfly Security, provider of
agentless Linux security and incident response:

https://sandflysecurity.com/about-us/news/sandfly-5-1-1-important-performance-upgrade-and-yescrypt-support/

yescrypt-go builds upon Dmitry Chestnykh's implementation of scrypt in
Go, integrates all Go x/crypto changes to it as of mid-2024, and finally
adds my implementation of yescrypt (along with revision of the code
shared with scrypt to make it also suitable for yescrypt).  Dmitry has
also helped review yescrypt-go to make it more idiomatic.

The Go module currently exposes 3 functions:

yescrypt.ScryptKey(), which is compatible with Go x/crypto scrypt.Key(),
but may slightly differ in performance (in my testing is either the same
or slightly faster, varying by parameter values)

yescrypt.Key(), which computes the native yescrypt KDF (but is currently
limited in what parameters it supports)

yescrypt.Hash(), which computes a yescrypt hash encoding compatible with
our C implementation's and libxcrypt's crypt(3), so it can be used for
authentication against Linux distros' yescrypt password hashes

The lighter feature set of yescrypt-go 1.0.0 compared to the C yescrypt,
as well as its semantically separated git commits history, also make it
useful as reference for initial implementations in other languages.  The
full yescrypt may look complicated, but yescrypt-go is now quite simple.
yescrypt.go implementing the *Key() functions is 394 lines (345 loc),
and yescrypt_wrapper.go implementing Hash() is 117 lines (103 loc).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.