| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Oct 2014 21:27:47 -0700 From: epixoip <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] Overview of PHC Candidates and Garbage-Collector Attacks On 10/29/2014 7:42 PM, Solar Designer wrote: > Hi Jakob et al., > > On Wed, Oct 29, 2014 at 06:38:26PM +0100, Jakob Wenzel wrote: >> under the following link you can find an overview of all PHC >> candidates which are not yet withdrawn: >> >> https://eprint.iacr.org/2014/881.pdf >> >> It focuses on comparing general and security properties. Moreover, it >> formally introduces the two attack types garbage-collector attacks and >> weak garbage-collector attacks. For each candidate, we argue why it >> provides resistance against these attack types or we actually show an >> attack. > > yescrypt does support server relief - only a tiny pre-final hash needs > to be transmitted to the server. (Moreover, it also supports use in a > straightforward modification of SCRAM.) The same is true for pufferfish as well, which is also marked as not supporting server relief. The blowfishy part can be done client side and transmitted to the server, and the server stores the final SHA512 hash. I've been wanting to formally add a javascript implementation to the reference implementation, but my javascript is weak.
Powered by blists - more mailing lists