| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Sep 2014 09:49:36 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Schvrch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/02/2014 02:49 AM, Poul-Henning Kamp wrote: > -------- In message > <CAG+Gt9ZwKnCamXQEPP2iFSmN1HO6nBC8wqdg8QHQsS_o6BxLkQ@...l.gmail.com> > > , Rade Vuckovac writes: > > I think Bill missed the point about Schvrch *big* time. > > Cryptography is at its foundation about finding ways to mix up > bits, to make them unrecognizable without loosing their entropy. > > Once you dive into it, the actual palette of tools at our disposal > is much smaller than most people realize, and many of those tools > are even specific variants of more general tools from the same > palette. > > Schvrch adds an entirely new tool to the palette -- no mean feat. > > I have no idea how Bill could overlook this, but my guess is that > the compactness of what was proposed and the lack of orthodox > encryption primitives deceived him into not paying proper > attention. > > He should. > > Schvrch was one of the submissions which made PHC worth the effort > for me. > > Schvrch's mathematical pedigree lists both Von Neumann[1] and > Wolfram, both were fascinated and frustrated by the seemingly > unlimited complexity arising out of trivially simple rules. > > That of course is no guarantee of cryptographic utility. Only > time and analysis will tell if Schvrch's new tool is any good. > > But Bills dismissal of mathematics which frustrated both Von > Neumann and Wolfram as "just XORs states together" and concluding > that "not much effort went into it" is not even wrong. > > Poul-Henning > > [1] The paper inexplicably fails to credit him. I am not dismissing the mathematics. I am only carefully reviewing the *code*. The Schvrch attached paper (not the actual submission for the PHC) may be wonderful, but I have not read it. If the point is to show a new mathematical system for hashing, then yes, I missed it. I though the point was to write a secure hash function :-) However, a new mathematical hashing framework is cool. If the author would work with guys who understand a bit about password hashing, he might come up with a great algorithm. However, he clearly did not, and Schvrch does nothing to defend against common attacks. Unlike other authors on the list (POMELO for example), the Schvrch author did not seem interested in hearing about how to fix his algorithm from this list. That's why I said we should just skip it. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUBcrsAAoJEAcQZQdOpZUZDagQAJg/roY+oR10CCMhSBxGeeDz 5XHhnANOsk5eDTI2dd8cIMQaOZDY/c3EyzF8TXN6Ps16Tm3/E7KDVI+2FARKm3KU +fnCSoy/H84IK2cBMwnoSBhdWsP3AXSkQbdQPsCZ2XCc/YcTJs5xuOpmUjXya7Rc CC7/2HqJgDYEeTS6LqkZddKCvGYjFC9ohhCoFGNSKNSMAkcWyxp3il0EQvLCeU13 xbWt/yHPUhAmZ+OjO/FRQcpOa0mxEl2HipRCK2+QhvWdl89YDXH8rFfvqh3ZKjUI 4ohCGWVzCyX0xzf0Dkga/CXjlxCzGL1x1aujzM78AmKxeE3QfYSuJ7sv2bc9zm3C dBYjzMVyvO4BB7jjl5SDKZJ/kqGgYrO6IGt/KYt0jp77AHtA7NI3XFfQou+kstep PLSIhdt9yEXFIN+P0l+m9YXvc7KTobEOltDyBCOhMKbCVq6cE8pQDM3nzF+hmdiw PegSI3/BcbTftVxoROumuYmocFIWXv0nLc3oa6Jic6Fsq6SfZS97NJHEgB/D/u01 T2hK63EUbSc96FSvPvE2giUAZkWez6E34UGZzAOQGnOTNVOEZHU2ukOmwpLwbADX 5YkbgAOxZSH0w7DXlbpoIWVB8V8uLChyiHNRE00TeAd1xH8L2RFvYdh+o+/Kslp3 aRdST4GuTtFgFwdutlI5 =4ICT -----END PGP SIGNATURE-----
Powered by blists - more mailing lists