Password Hashing Competition

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Password Hashing Competition is an open competition to select one or more password hash functions that can be recognized as a recommended standard.

One goal of the Password Hashing Competition is to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving RockYou (2009), JIRA (2010), Gawker (2010), PlayStation Network outage (2011), EHarmony (2012), 2012 LinkedIn hack, Battlefield Heroes (2011), Adobe (2012), Evernote 2013, ASUS (2012), South Carolina Department of Revenue (2012), Ubuntu Forums (2013), etc.[1][2][3][4][5]

Inspired by the success of the Advanced Encryption Standard process and the NIST hash function competition, In 2013 a "Password Hashing Competition" was announced to choose a new, standard algorithm for password hashing.[6]

In the wake of allegations that NSA forced NIST to standardize a backdoored algorithm (Dual EC DRBG), the competition is being run by an independent panel of cryptographers and security practitioners independent of NIST, in order to avoid even the appearance of a backdoored algorithm.[1][7]

Submissions were due by March 31, 2014.[8] Some early reports indicated that submissions were due by Jan 31, 2014.[1][2][3][9] The PHC accepted 24 submissions on 1 April 2014.

External links[edit]