lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Aug 2014 18:01:07 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: A review per day - RIG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As far as I can tell, RIG is a quick rewrite of Catena, using Lyra2's hash function, and Gambit's XOR-ing over data. The combination is original, but that's all. If the paper said, "We have combined these three good ideas and thing the result is superior", then I would be OK with it. For example, someone needs to plug Lyra2's ultra-fast sponge into Gambit. Mixing ideas is fine. I just think it's weird pasting three ideas from the forum together without crediting the sources properly. It almost seems like they attempted to obfuscate their sources. The paper and code are all original (mostly), so there's no plagiarism here. You can't copyright an idea. However, it's offensive to use other's ideas and pretend they are your own. All that is needed to fix RIG, IMO, is some proper credit to where they got their ideas, and a rewrite of their paper to be less dick-ish. For example, here's a statement in the RIG paper: "Therefore, it is recommended in [6] to have password-independent memory access patterns for a password hashing scheme. We have attempted to follow this requirement using bit reversal permutation." Why not credit Catena for the bit reversal pattern while they were at it? Did they actually rip off Lyra2's hash function and not give them credit? Multiple entries use the XOR-ing thing, so I have less trouble with that, but it follows a pattern... RIG's single-round Blake2b hash function happens to be identical to what Lyra2 uses. They either both copied the exact same text from the exact same source, or RIG's hash function was actually copied from Lyra2. The XOR-ing over memory is an idea from Gambit that we talked about quite a bit. Now that I've found that writing to a memory location just read from is quite fast compared to writing to a different location, I am a fan. Anyway, I feel RIG = Catena + Lyra2's hash + Gambit's XOR. This is likely a good combination, but I have to feel for the Catena, Lyra2, and Gambit authors when their work is not credited properly. I haven't done much analysis of the RIG code because it bothers me to read it... for example the memory swapping algorithm that the Catena guys invented fairly recently is there... Anyway, RIG is the last entry I'm posting about today! Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUAPgfAAoJEAcQZQdOpZUZS9YQAIF1BpnhjNkBspxYtcqg+dou OaiaKr/7lPOSidwmLeV1Jxlbll0XjZ5pZDXUWy2EYmrB9FmZhZDmrLuP9pwhzeBy ZYjErWoi63A49fo1YffKa4oOxrKywneCxr9NMR3Z5GBbUL+mKzYl+FVNTZ+vQlsO ACzARgcwGRMRbr0QeFOczvIgmE3F2UmO3hBDwvKhvUTTn85/3W6I22oksOB5Z/X4 GEcrUC66gjv5X3HL1NboE8cvYzmn+t/Oy/qJVgQigZXGp2eOxfdPuYwe0DzBqIZ+ +myVo02oni2zr32uTsonLg6hyYaOBF2RY4I1ftrTkYiUEnqiz6XG8tgKX2wfLpmb TArs6bsxFlCxbiZ2k3SM7NDh/AGlOE/4QBDyFt5zzHtF28PL8YoJokIP1n1RgEO2 UbI/ZkRUKaqb7A5lEvmv6gK/cSzfQ9prv9mkhz2vTyLVrfwBdRFhqx3tkJsuDYe8 KciVGWFLAwdb6KtyoogzyQJfpMuLCsMuT75F2lECBO1Bk5xn5TMaQfInSfngvh14 W3tF9PvTnv5f2FMRpVXFc4VGmGhC/1qwQZzaII6yRYnFP+BuHi6NntyuczLsoF73 CqJ+PCtMrEjF/jqDjO0nRvRrUCvMsSD5bvA9G7HHVL8noFrM7Riqs4vNzw799sWE RFwFL77udT1rmipHFmPX =3b8c -----END PGP SIGNATURE-----
Powered by blists - more mailing lists