lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 4 Apr 2014 19:33:44 +1000
From: Rade Vuckovac <rade.vuckovac@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Some Schvrch issues

Hi Bill

I am afraid that stir function is essential for the proposed scheme (can
not be commented out). The idea behind stir is to convert low entropy input
to randomly looking output. Only after stirring, revolve evolve functions
can be used. You may notice that stir and revolve are almost the same. Only
difference is mixer operation. It was observed that after 3 or 4 rounds
array looks fairly random and mixer is not necessary any more (although it
may be reintroduced if it is needed). As mentioned in submission earlier,
analysis of stir function is kind a controversial. Please find link /
reference in stir subsection for more info.

Regards, Rade
On 4 Apr 2014 18:56, "Bill Cox" <waywardgeek@...il.com> wrote:

> On Thu, Apr 3, 2014 at 6:19 PM, Rade Vuckovac <rade.vuckovac@...il.com>
> wrote:
> > The evolve function is an attempt to emulate Wolfram's rule 30 (random
> > number generator in Wolfram's Mathematica).
> >
> > What is behind the randomness of rule 30 and how it is related to the
> evolve
> > function in terms of cyclomatic complexity is presented in the paper (see
> > submission Appendix).
>
> I'm afraid this scheme doesn't work as you're expecting it to.  For
> example, if you fix line 107, but comment out both calls to the stir
> function, and run with t_cost = 1000, and m_cost = 1000, here's what I
> get:
>
> ./phs-schvrch 1000 1000 1
> type: d
> count: 8
> numbit: 32
> 2341707444
> 2341707404
> 4294967279
> 4294967295
> 32
> 0
> 2341707436
> 2341707404
>
> This resulting hash is not at all random.  Revolve and evolve simply
> don't mix the data significantly, no matter how long they run.  The
> XORing with memstate also does essentially no real mixing.  The only
> two function calls that do any significant mixing are the two calls to
> stir, and each can be reversed in 2^64 guesses of carry, so guessing
> them both at the same time should not take more than 2^128 guesses.
>
> Bill
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ