A few weeks back I lamented about the poor state of affairs regarding password hashes. Well, after quite a bit of thought on this I decided that the real problem isn't stolen password lists and rainbow tables - these are trivially mitigated by salts/nonces - no, it's the inherent weaknesses (and flaws) of the very algorithms that we rely on.
What I've done is taken a completely different approach altogether. I've developed a method that is foremost rooted in a very hard number-theoretic problem (related to discrete logarithms) and second-most upon the principle of scalability. I'm withholding details of the algorithm until I absolutely verify that it has been implemented correctly, but let me just say that the preliminary results are rather promising, to say the least. Statistical analysis (provided by Diehard, TestU01, Ent, plus various compression utilities) seems to indicate an unusually high entropy density (i.e., essentially indistinguishable from truly random data), extremely high collision resistance, and an apparent lack of susceptibility to bit-flipping attacks and the like.
I've shown the algorithm to a few good friends who happen to be professional mathematicians and their initial responses have been quite encouraging. I'm very excited about this, and I can't wait to release a detailed description of the algorithm once it has been thoroughly studied and verified. I've devoted literally hundreds of man-hours to this project in a very short period of time and I'm exhausted, frankly (and perhaps a bit delirious), but truly happy that all of the effort just might have been worth it.
Okay, so how about some visuals?
Here are the unsalted hashes of some simple, single-character passwords, first their 64-bit values, followed by their 256-bit values (the algorithm scales to any number of bits):
Code:
// 64-bit hashes
'a': 28191714584FD46F
'b': C9B8A0C07AA27E9B
'c': BF466002D82DA9C1
'd': 38A418BEF6D7084C
'e': CC89B87148317CED
'f': A759812A3127E2C6
'g': 9C6605AAC49C881B
'h': C9671139CD0A5489
'i': 580B935F34F92C22
'j': 2871EEC5CE32D711
'k': 76EBB34389732F76
'l': ECD6678712E75EEC
'm': DDFAEC50E2DC8B1D
'n': B73E3B9438F76207
'o': 5B9F1D4A9C7BB103
'p': 76EBB34389732F76
'q': C4AFC76E7D762871
'r': 165837691A132990
's': 3FE49AA205D64D9A
't': F143AE295A60DDA4
'u': C70FB9A668817593
'v': B4992A508E1F724D
'w': CD4407D266AA4039
'y': E0846A7E478FCD44
'z': 1E08558017942E89

// 256-bit hashes
'a': 1139CD0A54893911370E2986AFFD350213C06E490D76CFDC28191714584FD46F
'b': C86956A04ACC89B87148317CEDAF119800764B6AB07BE646C9B8A0C07AA27E9B
'c': 947A7773580B935F34F92C22A759812A3127E2C621C5F0B5BF466002D82DA9C1
'd': EC2C731D9152EF6E0E6B61F28B269F45E4342B5025E644DC38A418BEF6D7084C
'e': 25CEBDD859E63A22A5DEDD1CD6C2E4174D3E8BC86956A04ACC89B87148317CED
'f': 63B73E3B9438F7626799EB88947A7773580B935F34F92C22A759812A3127E2C6
'g': 8FDDFAEC50E2DC8B9D65AE2352EADDCD612D4C7ED1E4B3889C6605AAC49C881B
'h': 6810BF1EBBF5D9A1C4B9173BCB5C47A4D4BB9BC35A98FCA2C9671139CD0A5489
'i': 24C8EA95010DE2D763B73E3B9438F7626799EB88947A7773580B935F34F92C22
'j': 397EC835450BAC9B348D89144890D52B031AC4AFC76E7D762871EEC5CE32D711
'k': 365305CAF143AE295A60DDA4694CA44082AC5E19D0207E3D76EBB34389732F76
'l': 6DA60A94E3875C53B4C0BA49D39848810459BD32A041FC7AECD6678712E75EEC
'm': CD548172FC906B8A165837691A13299020AB570634885F8FDDFAEC50E2DC8B1D
'n': 3355A01C3FE49AA205D64D9AC6440A24C8EA95010DE2D763B73E3B9438F76207
'o': 992A508E1F724DD102EB264D6322051264F5CA8006F1EBB15B9F1D4A9C7BB103
'p': 365305CAF143AE295A60DDA4694CA44082AC5E19D0207E3D76EBB34389732F76
'q': 4407D266AA40397EC835450BAC9B348D89144890D52B031AC4AFC76E7D762871
'r': 8017942E89A9C009D5FC8E1E9B890EA4CD548172FC906B8A165837691A132990
's': B4074215E005A54B622A704235BFA3C766A203693355A01C3FE49AA205D64D9A
't': 4F7B2054015E50BA24A6022754F33B7A6C263A90365305CAF143AE295A60DDA4
'u': 3EED8150057841E992980A9C50CDEFE8B199E840DA4C1528C70FB9A668817593
'v': 93EA01F97DDA03A10AF082D225311538A19ADFD16333D181B4992A508E1F724D
'w': EF3A8C4EAA07E4F7690F842AC00B4A97C454E0846A7E478FCD4407D266AA4039
'y': 58995DA877A5EF3A8C4EAA07E4F7690F842AC00B4A97C454E0846A7E478FCD44
'z': D2EC271099C0E38510B132BB50EF4ADF75189D540FC8EFD31E08558017942E89
And here are the SmallCrushTest results using the worst seed value possible - a zero! (That is, zero-length and zero-value):
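The checks a reviewer would run over a table like the one posted above, as an added example that is not part of the original post and uses no code from its author: the script below loads the digests transcribed from the post and looks for duplicate outputs, for a fixed truncation relationship between the two output widths, and for long runs of hex shared between the 256-bit digests of different inputs (two independent 256-bit values should share nothing of the sort). Run over the posted values it reports that 'k' and 'p' produce the same digest at both widths, that every 64-bit value is exactly the last 16 hex characters of the matching 256-bit value, and that several pairs of inputs ('b' and 'e', 'c' and 'f', 'w' and 'y' among them) share contiguous runs of 26 to 52 hex characters. Randomness batteries such as Diehard or TestU01 measure how random an output stream looks; they do not measure collision resistance, which is why a duplicate-output check over the sample table itself is the first thing to do. The 16-character threshold in `shared_runs` is a chosen parameter, not something the post specifies.

```python
"""Sanity checks over a hash-output table (digests transcribed from the post above).

1. exact duplicate digests (two inputs, one output),
2. whether each 64-bit digest is just the trailing 64 bits of the 256-bit digest,
3. long contiguous hex runs shared between 256-bit digests of *different* inputs.
"""
from itertools import combinations

# Transcribed from the post; 'x' is absent from the post's table as well.
H64 = {
    "a": "28191714584FD46F", "b": "C9B8A0C07AA27E9B", "c": "BF466002D82DA9C1",
    "d": "38A418BEF6D7084C", "e": "CC89B87148317CED", "f": "A759812A3127E2C6",
    "g": "9C6605AAC49C881B", "h": "C9671139CD0A5489", "i": "580B935F34F92C22",
    "j": "2871EEC5CE32D711", "k": "76EBB34389732F76", "l": "ECD6678712E75EEC",
    "m": "DDFAEC50E2DC8B1D", "n": "B73E3B9438F76207", "o": "5B9F1D4A9C7BB103",
    "p": "76EBB34389732F76", "q": "C4AFC76E7D762871", "r": "165837691A132990",
    "s": "3FE49AA205D64D9A", "t": "F143AE295A60DDA4", "u": "C70FB9A668817593",
    "v": "B4992A508E1F724D", "w": "CD4407D266AA4039", "y": "E0846A7E478FCD44",
    "z": "1E08558017942E89",
}
H256 = {
    "a": "1139CD0A54893911370E2986AFFD350213C06E490D76CFDC28191714584FD46F",
    "b": "C86956A04ACC89B87148317CEDAF119800764B6AB07BE646C9B8A0C07AA27E9B",
    "c": "947A7773580B935F34F92C22A759812A3127E2C621C5F0B5BF466002D82DA9C1",
    "d": "EC2C731D9152EF6E0E6B61F28B269F45E4342B5025E644DC38A418BEF6D7084C",
    "e": "25CEBDD859E63A22A5DEDD1CD6C2E4174D3E8BC86956A04ACC89B87148317CED",
    "f": "63B73E3B9438F7626799EB88947A7773580B935F34F92C22A759812A3127E2C6",
    "g": "8FDDFAEC50E2DC8B9D65AE2352EADDCD612D4C7ED1E4B3889C6605AAC49C881B",
    "h": "6810BF1EBBF5D9A1C4B9173BCB5C47A4D4BB9BC35A98FCA2C9671139CD0A5489",
    "i": "24C8EA95010DE2D763B73E3B9438F7626799EB88947A7773580B935F34F92C22",
    "j": "397EC835450BAC9B348D89144890D52B031AC4AFC76E7D762871EEC5CE32D711",
    "k": "365305CAF143AE295A60DDA4694CA44082AC5E19D0207E3D76EBB34389732F76",
    "l": "6DA60A94E3875C53B4C0BA49D39848810459BD32A041FC7AECD6678712E75EEC",
    "m": "CD548172FC906B8A165837691A13299020AB570634885F8FDDFAEC50E2DC8B1D",
    "n": "3355A01C3FE49AA205D64D9AC6440A24C8EA95010DE2D763B73E3B9438F76207",
    "o": "992A508E1F724DD102EB264D6322051264F5CA8006F1EBB15B9F1D4A9C7BB103",
    "p": "365305CAF143AE295A60DDA4694CA44082AC5E19D0207E3D76EBB34389732F76",
    "q": "4407D266AA40397EC835450BAC9B348D89144890D52B031AC4AFC76E7D762871",
    "r": "8017942E89A9C009D5FC8E1E9B890EA4CD548172FC906B8A165837691A132990",
    "s": "B4074215E005A54B622A704235BFA3C766A203693355A01C3FE49AA205D64D9A",
    "t": "4F7B2054015E50BA24A6022754F33B7A6C263A90365305CAF143AE295A60DDA4",
    "u": "3EED8150057841E992980A9C50CDEFE8B199E840DA4C1528C70FB9A668817593",
    "v": "93EA01F97DDA03A10AF082D225311538A19ADFD16333D181B4992A508E1F724D",
    "w": "EF3A8C4EAA07E4F7690F842AC00B4A97C454E0846A7E478FCD4407D266AA4039",
    "y": "58995DA877A5EF3A8C4EAA07E4F7690F842AC00B4A97C454E0846A7E478FCD44",
    "z": "D2EC271099C0E38510B132BB50EF4ADF75189D540FC8EFD31E08558017942E89",
}


def find_duplicates(table):
    """Map every digest that occurs more than once to the sorted inputs producing it."""
    by_digest = {}
    for inp, digest in table.items():
        by_digest.setdefault(digest, []).append(inp)
    return {d: sorted(inps) for d, inps in by_digest.items() if len(inps) > 1}


def truncation_mismatches(h64, h256):
    """Inputs whose 64-bit digest is NOT the last 16 hex chars of their 256-bit digest.
    An empty result means the 64-bit output is a pure truncation of the 256-bit one."""
    return sorted(inp for inp in h64 if h64[inp] != h256[inp][-16:])


def longest_common_substring(a, b):
    """Length of the longest contiguous run present in both strings (O(len(a)*len(b)) DP)."""
    best, prev = 0, [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def shared_runs(table, min_hex=16):
    """(input_x, input_y, run_length) for distinct inputs whose digests share a
    contiguous run of at least min_hex hex characters (min_hex=16 is 64 bits, a
    threshold chosen here). Identical digests are left to find_duplicates()."""
    hits = []
    for x, y in combinations(sorted(table), 2):
        if table[x] == table[y]:
            continue
        n = longest_common_substring(table[x], table[y])
        if n >= min_hex:
            hits.append((x, y, n))
    return hits


if __name__ == "__main__":
    for width, table in (("64-bit", H64), ("256-bit", H256)):
        for digest, inputs in find_duplicates(table).items():
            print(f"{width}: inputs {inputs} all hash to {digest}")
    print("64-bit values that are not a suffix of the 256-bit value:",
          truncation_mismatches(H64, H256) or "none")
    for x, y, n in shared_runs(H256):
        print(f"256-bit digests of '{x}' and '{y}' share a run of {n} hex chars")
```

Everything the script reports is read straight off the posted table; it needs nothing from the undisclosed algorithm. The same three checks apply to any candidate hash for which only sample outputs are available, and the shared-run threshold can be raised or lowered to taste.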