lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 02 Oct 2014 10:25:54 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] Design Rationale and Security Analysis of PHC candidates -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/02/2014 08:02 AM, Thomas Pornin wrote: > On Thu, Oct 02, 2014 at 12:50:31PM +0200, Dmitry Khovratovich > wrote: >> The value "Explored" stands for the case when the designers >> actually try to mount a collision/preimage attack on their design >> and show why it fails. It is not the best possible option: >> ideally, one would provide some sort of security proof that >> reduces the security of the mode of operation (which the hashing >> scheme is) to the security of the underlying primitive, and thus >> get the grade "Verified" or "Proven". > > In that case, I'll claim that "proven" status for Makwa. Seconded. The Makwa algorithm is proven as secure as integer factoring, with the only serious complaint being that the factors need to be carefully scrubbed from existence if we are concerned about attackers finding them. Several other entries have also proven their basic security, like Yescrypt, through "strongly secure" hashing of all inputs with a strong existing cryptographic primitive, and a proof that significant entropy is not lost. If you like, I can go back through my reviews and point out the entries that have secure basic cryptography, and which ones need more expert review than I can provide, which are those that invented new hashing primitives, and then rely on them for security. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIbBAEBAgAGBQJULWBvAAoJEAcQZQdOpZUZ6PsP+Lt7trJ/5LfLrwvNKjcCwk1Y v27C46ZKckZO2c1N21FdnC9GyO1rhSkfMGzL2h98b9vxCU7qUTbRD6dQMamdUdKm 4n4aKhgD7MQkGOHlTQio5lXVrPa6Q1Ud0qe0ZHf0gq3zi4C9OI0wesPis0pobPzf jSxe6k3o/aGzOF3zBoEC3g1Bjjwq0dRfizpxf+GKn8fc4AfdGLK3blbxLwugjqA6 dCKCCZik4ynVCt/cWe9xsgCVyAhzvC9pPiSFyKXtOSQqHuK5RRDRwyCU3gJWJW4A JK9IFwKZT11PSn2ARhwJjA+GxoNDfsD0j/LTgpb9jKl1Dng5gHPmKfT6GAZsamWS QiNP3P9fzbMMdCSNQQZ8Ho2Ub1Kbg25f1A/UEdElx+svwuPXXLpkx8LMVs5Htnd0 HXQUEo0jsDWOxvkPe/Aheix9EfFYNBbIooBgcVIp98lVsYJMz7xp7D1F9HfPCW9Q HCyxATjj24TP7VEKlSfs5Dv3OkHv7BudfQF/Et+3VSrB331CpUSX2vOWSHNhNy++ biz/4jbytJuFmAjpG//CYjEQ8StQwLYtiMLfRxgiOx4WCNPZLV/VmT/BsEClTsjG n6FOPTowPkE13PyU+zT/qyRC+tgieprfcY8b2uSaYZElJVnncdbkj/LCZ8SusvmV 6OR94SdCB4mL3slADFM= =uPck -----END PGP SIGNATURE-----
Powered by blists - more mailing lists