Password Hashing Competition

The Password Hashing Competition is an open competition to select one or more password hash functions that can be recognized as a recommended standard.

One goal of the Password Hashing Competition is to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving RockYou (2009), JIRA (2010), Gawker (2010), PlayStation Network outage (2011), EHarmony (2012), 2012 LinkedIn hack, Battlefield Heroes (2011), Adobe (2012), Evernote 2013, ASUS (2012), South Carolina Department of Revenue (2012), Ubuntu Forums (2013), etc.[1][2][3][4][5]

Inspired by the success of the Advanced Encryption Standard process and the NIST hash function competition, In 2013 a "Password Hashing Competition" was announced to choose a new, standard algorithm for password hashing.[6]

In the wake of allegations that NSA forced NIST to standardize a backdoored algorithm (Dual EC DRBG), the competition is being run by an independent panel of cryptographers and security practitioners independent of NIST, in order to avoid even the appearance of a backdoored algorithm.[1][7]

Submissions were due by March 31, 2014.[8] Some early reports indicated that submissions were due by Jan 31, 2014.[1][2][3][9] The PHC accepted 24 submissions on 1 April 2014. On 8 December 2014, the PHC selected 9 finalists: Argon, battcrypt, Catena, Lyra2, Makwa, Parallel, POMELO, Pufferfish, yescrypt.

External links

References

  1. 1.0 1.1 1.2 Danielle Walker. "Black Hat: Crackable algorithms prompt need for improved password hashing". 2013.
  2. 2.0 2.1 Antone Gonsalves. "Password hashing competition aims to beef up security". 2013.
  3. 3.0 3.1 Antone Gonsalves. "Contest aims to boost state of password encryption". 2013.
  4. Antone Gonsalves. "Auckland Uni scientist judge in password contest". 2013.
  5. Jean-Philippe Aumasson. "The Password Hashing Competition: Motivation, Challenges, and Organization". 2013.
  6. "Password Hashing Competition"
  7. Dennis Fisher. "Cryptographers aim to find new password hashing algorithm". 2013.
  8. Password Hashing Competition. "Call for submissions". Accessed 2013 Jan 20.
  9. Antone Gonsalves. "Contest aims to boost state of password encryption: Passwords are the most widely used security mechanism on the Web, so beefing up hashing algorithms, utilized to protect them, is important". 2013.