lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jan 2014 20:13:19 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Modified pseudo-random distribution in NoelKDF On Wed, Jan 22, 2014 at 05:07:02PM +0400, Solar Designer wrote: > On Wed, Jan 22, 2014 at 07:43:53AM -0500, Bill Cox wrote: > > This reduced the 25% coverage attack to 24.5X penalty for a 1% cheat > > killer pass. I did the same for the sliding window. I increased the > > minimum edge length to pebble a node to 22,500 to keep it at 25.0% > > pebble coverage, and the penalty dropped to 0.88X for my 1% pass. > > What is meant by a penalty of 0.88X? Oh, I guess this is 0.88X on top of the normal effort (non-TMTO), meaning a 1.88X increase in total effort (for both loops combined). Actually, I am surprised. I thought the penalty would be less, if it's just for the 1% pass and not also for the lookups needed during the memory filling pass (why aren't you counting those?) What penalties are you getting for 50% coverage? Are they comparable to my results here? - http://www.openwall.com/lists/crypt-dev/2013/11/25/2 Yes, these were for a different anti-TMTO approach - with random writes rather than random reads while filling memory - yet there's similarity. Alexander
Powered by blists - more mailing lists