On 06/02/14 08:17, Marc A. Pelletier wrote:
On 02/05/2014 03:53 PM, Chris Steipp wrote:
The Whirlpool algorithm by Tim would force password cracking software to do a custom implementation for our hashes.
No judgment is passed on Tim, but rule number one of crypto is never try to roll your own unless you happen to have years and years of crypto math background, and your algorithm has been picked apart by peers over at least several months before you even tentatively put it forward.
Maybe Chris's phrasing misled you: I didn't invent the Whirlpool algorithm, it was invented by Vincent Rijmen and Paulo Barreto in 2000 and is now recommended by NESSIE and ISO. My proposal was just to use str_repeat() on the input to Whirlpool in order to increase the number of Whirlpool cipher rounds without requiring a tight loop in PHP.
-- Tim Starling