Steve Thomas

Results 30 comments of Steve Thomas

@tjconcept I meant to reply to this last week. Your "~2x speedup on hashing" comment made me think there was something wrong with Node's PBKDF2 implementation. Anyway I found a...

P.S. I made a pull request (https://github.com/iphelix/pack/pull/13) so if you use that code, you can just do:

```
./maskgen.py input.txt -o output.hcmask --custom-charset1-len 161
```

OPAQUE is an augmented PAKE (aPAKE, client-server) and croc can use a balanced PAKE (peer to peer). Balanced PAKEs are normally faster than aPAKEs. Also OPAQUE is meh. It added...

PAKE2 and SPAKE2 are basically the same, if not the same. SPAKE2-EE is not a hybrid of CPace and SPAKE2. CPace is based on SPEKE (hide the generator) and SPAKE2-EE...

Oh right "SPAKE2-EE" is the "Elligator Edition" of SPAKE2.

> If this PAKE is secure, I don't see much reason to change it, but if there's reason to be concerned...

When I heard of PP I looked into no duplicate words because I was thinking of the "pick 4+ things near you right now" type of passwords, but even that...

Repeated words in a single password:

```
$ ./pp64-o.bin --elem-cnt-min 4 --elem-cnt-max 4 --limit 10 < words
1111
2111
3111
4111
1211
2211
3211
4211
1311
2311
```

Besides all...

@jzheaux That OWASP cheat sheet is based on my recommendations. The four changes I suggested to this project's defaults:

----

> Argon2's settings are `m=4 MiB, t=3, p=1` either set...

> ... the defenders need to do more than passwords and it is unlikely they will leverage GPUs. Argon2, bcrypt, PBKDF2, and scrypt can't run on a GPU for the...

Sorry I removed the reference to the lines of code https://github.com/crypto-browserify/pbkdf2/blob/master/lib/sync.js#L36-L40