On 06/02/14 08:17, Marc A. Pelletier wrote:
On 02/05/2014 03:53 PM, Chris Steipp wrote:
The Whirlpool algorithm by Tim would force
password cracking software to do
a custom implementation for our hashes.
No judgment is passed on Tim, but rule number one of crypto is never try
to roll your own unless you happen to have years and years of crypto
math background, and your algorithm has been picked apart by peers over
at least several months before you even tentatively put it forward.
Maybe Chris's phrasing misled you: I didn't invent the Whirlpool
algorithm, it was invented by Vincent Rijmen and Paulo Barreto in 2000
and is now recommended by NESSIE and ISO. My proposal was just to use
str_repeat() on the input to Whirlpool in order to increase the number
of Whirlpool cipher rounds without requiring a tight loop in PHP.
-- Tim Starling