| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Apr 2014 17:23:22 -0400 From: Bill Cox <waywardgeek@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] PHC Zoo ? On Tue, Apr 1, 2014 at 3:30 PM, Thomas Pornin <pornin@...et.org> wrote: > On Tue, Apr 01, 2014 at 01:38:05PM -0400, Bill Cox wrote: >> is it cool to make a hobby out of attacking all the submissions, even >> if I have an entry? > > It is more than cool; it is highly recommended. The whole point of an > open cryptographic competition is to accumulate analysis, i.e. to have a > lot of people trying to break the algorithms. It is normal and expected > that submitters, in particular, will try real hard to break each other > algorithms. > >> If so, where is the place to discuss weaknesses of various hashing >> algorithms? > > I'd say that discussions on password hashing algorithms are appropriate > on a mailing-list whose address is 'discussions@...sword-hashing.net'. > > Usually, academics discuss cryptography by gathering regularly, and, > when they cannot meet physically, exchange written information over > appropriate mediums. Historically, papyrus and then parchment were used, > but nowadays emails are preferred. When someone has a full, elegant and > non-trivial attack to demonstrate, he usually writes it down with the > traditional formalism (i.e. an 'article') and pushes it through the > various mechanisms (conferences with proceedings, and/or the IACR ePrint > archive: http://eprint.iacr.org/ ); for smaller, faster remarks, and, > yes, discussions, this present mailing-list is expected to be used. In > particular during the first pruning phase, during which the list of > candidates should be reduced (24 are fine, but maybe a bit too much for > available cryptanalytic resources). > > At least that's how things worked for SHA-3. I don't remember if there > was a mailing-list for the AES competition. > > >> I notice that poor AntCrypt is suffering from early cryptanalysis > > As far as can I see, it is more a specification/implementation issue, > but maybe I don't see everything that is to be seen. E.g. I don't follow > the IRC channel (maybe I should ?). > > For high-quality rational scientific debates, it is usually best if > people take time to structure their arguments and put them in due order; > so emails are a better format than chat-like interfaces. That's my > opinion. > > > --Thomas Pornin Thanks for that info. So, we'll discuss here, and the fun continues :-) I have some comments for AntCrypt, but if we all read it first that would be pretty miserable for the author. I'll read them all and post a laundry-list. Nothing major, just weaknesses not acknowledged by the authors. Some of the authors, like EARWORM, listed everything he could think of, and I have nothing so far to add, but probably half of the ones I've read so far didn't list any weaknesses at all, and so I have a list... Bill
Powered by blists - more mailing lists