lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Aug 2014 18:01:07 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: A review per day - RIG

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As far as I can tell, RIG is a quick rewrite of Catena, using Lyra2's
hash function, and Gambit's XOR-ing over data.  The combination is
original, but that's all.  If the paper said, "We have combined these
three good ideas and thing the result is superior", then I would be OK
with it.  For example, someone needs to plug Lyra2's ultra-fast sponge
into Gambit.  Mixing ideas is fine.  I just think it's weird pasting
three ideas from the forum together without crediting the sources
properly.  It almost seems like they attempted to obfuscate their
sources.  The paper and code are all original (mostly), so there's no
plagiarism here.  You can't copyright an idea.  However, it's
offensive to use other's ideas and pretend they are your own.  All
that is needed to fix RIG, IMO, is some proper credit to where they
got their ideas, and a rewrite of their paper to be less dick-ish.

For example, here's a statement in the RIG paper:

"Therefore, it is recommended in [6] to have password-independent
memory access patterns for a password hashing scheme. We have
attempted to follow this requirement using bit reversal permutation."

Why not credit Catena for the bit reversal pattern while they were at
it?  Did they actually rip off Lyra2's hash function and not give them
credit?  Multiple entries use the XOR-ing thing, so I have less
trouble with that, but it follows a pattern...

RIG's single-round Blake2b hash function happens to be identical to
what Lyra2 uses.  They either both copied the exact same text from the
exact same source, or RIG's hash function was actually copied from Lyra2.

The XOR-ing over memory is an idea from Gambit that we talked about
quite a bit.  Now that I've found that writing to a memory location
just read from is quite fast compared to writing to a different
location, I am a fan.

Anyway, I feel RIG = Catena + Lyra2's hash + Gambit's XOR.  This is
likely a good combination, but I have to feel for the Catena, Lyra2,
and Gambit authors when their work is not credited properly.  I
haven't done much analysis of the RIG code because it bothers me to
read it... for example the memory swapping algorithm that the Catena
guys invented fairly recently is there...

Anyway, RIG is the last entry I'm posting about today!

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUAPgfAAoJEAcQZQdOpZUZS9YQAIF1BpnhjNkBspxYtcqg+dou
OaiaKr/7lPOSidwmLeV1Jxlbll0XjZ5pZDXUWy2EYmrB9FmZhZDmrLuP9pwhzeBy
ZYjErWoi63A49fo1YffKa4oOxrKywneCxr9NMR3Z5GBbUL+mKzYl+FVNTZ+vQlsO
ACzARgcwGRMRbr0QeFOczvIgmE3F2UmO3hBDwvKhvUTTn85/3W6I22oksOB5Z/X4
GEcrUC66gjv5X3HL1NboE8cvYzmn+t/Oy/qJVgQigZXGp2eOxfdPuYwe0DzBqIZ+
+myVo02oni2zr32uTsonLg6hyYaOBF2RY4I1ftrTkYiUEnqiz6XG8tgKX2wfLpmb
TArs6bsxFlCxbiZ2k3SM7NDh/AGlOE/4QBDyFt5zzHtF28PL8YoJokIP1n1RgEO2
UbI/ZkRUKaqb7A5lEvmv6gK/cSzfQ9prv9mkhz2vTyLVrfwBdRFhqx3tkJsuDYe8
KciVGWFLAwdb6KtyoogzyQJfpMuLCsMuT75F2lECBO1Bk5xn5TMaQfInSfngvh14
W3tF9PvTnv5f2FMRpVXFc4VGmGhC/1qwQZzaII6yRYnFP+BuHi6NntyuczLsoF73
CqJ+PCtMrEjF/jqDjO0nRvRrUCvMsSD5bvA9G7HHVL8noFrM7Riqs4vNzw799sWE
RFwFL77udT1rmipHFmPX
=3b8c
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists