Search:

Alright, so I've incorporated the memory-hardness parameter into each of the language implementations. It's an important addition I think, and doesn't seem to impact overall performance either.

I might also add that different values of "rounds" and "cost" may result in the same hash for a given set of inputs (password and salt(s)). If "cost" is unspecified/zero then it will, if only...

Okay, so revised once again. This version is a lot more straightforward though. The optimal skip distance is simply the cost divided by the average output length, plus one. It's stochastic enough to...

Scan past the colon and leading whitespace, then copy the rest into a buffer. The strchr() function will take care of the first bit of the task:



#include <stdio.h>
#include <string.h>

int...

No, it wasn't skipping in large enough steps. Also had an indexing issue there. Fixed.

After a few days mulling over this, I think I've finally found an acceptable solution. I've posted the updated (Javascript) implementation to the sandbox.

Essentially, the algorithm works by...

Well that doesn't scale very well. Performing calculations on larger and larger operands just has too much effect on execution time. Request a cost of say 10,000,000 and there's no telling just how...

Thanks for the input, laserlight. I've created a set of "sandbox files" containing a memory-hard version of Finabel.

Example usage:



It was a simple modification actually, just increase the...

Unless you're unwilling to make a sincere effort, don't expect help from anyone here.

For what it's worth, I went ahead and changed the default number of rounds to 1000. It's a breaking change, but results roughly the same run time as scrypt and argon2.

Okay, so here's a comparison of finabel and argon2:



As you can see, argon2 is about 100 times slower. And the default number of rounds for that algorithm is actually just 2. Which basically...

Point taken, and I will definitely do some comparison tests to see how it fares against these as well.

I should also point out that the proper selection of the "rounds" security parameter effectively mitigates the issue.

Compare:



And remember, the algorithm is not parallelizable between...

To be fair, this algorithm does no worse than the most common ones in use today.

Consider:



(The one used here isn't even close to the fastest SHA-256 implementations, by the way.)

With...

I've been working on this project (see link in signature) which currently supports 4 languages (C++, Java, Python 3, and Javascript). The algorithm is very simple. The Python version for example is...

Interesting caveat. I wasn't aware there was a distinction.

Exactly, fgets() is for text, not binary data.

It really just depends on the convention you want to go with. I think hamster_nz's approach is a good one, although I would recommend encoding those return values as enums/defines so that the usage...

I don't see how you could possibly know how many characters were read without checking the return value of fread().



It doesn't matter what language it's in. Just parse it according to the...

Well you definitely don't want to read it in 8 bytes at a time. Read a byte, determine the length, then read the rest (all in one go if you wish).

When you pass "r" to fopen() it opens the file in read-text-mode. That could be problematic, as it basically gives the operating system a license to preprocess the data. So for this task, opening the...

Your function need to return a value. Maybe something like this:



#include <stdio.h>

int order(unsigned array[], size_t length) {
int result = 0;
for (size_t index = 1; index < length;...

You should also be checking the FILE* returned by fopen(). Otherwise, the program will crash if the file doesn't exist.

Reading the file will require a loop.



for(;;)
{
int c = fgetc(f);...

Here's a hint:



#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

Maybe just print it within the XOR loop?



#include <stdio.h>

#define XOR_KEY 0x6F

int main() {