lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Apr 2015 05:22:34 -0500 (CDT) From: Steve Thomas <steve@...tu.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] OMG we have benchmarks > On April 1, 2015 at 3:45 AM Solar Designer <solar@...nwall.com> wrote: > > On Wed, Apr 01, 2015 at 03:02:07AM -0500, Steve Thomas wrote: > > https://raw.githubusercontent.com/mbroz/PHCtest/master/output/round2_Lenovo_X230_i5_16G/mc_cost_2/memory_time_round.png > > > > Note I believe there might be a problem with some of it: battcrypt on 5x and > > POMELO on 3x and 5x. Since those algorithms don't have t_costs for those and > > I > > think they are run at lower settings. > > > > But ignoring that these are the best benchmarks I've seen since they're > > normalized for rounds across memory and time vs memory (instead of having > > t_cost > > or m_cost as an axis). > > Cool! Why are these for t_cost from 2 to 5, though? Where's t_cost 0 > and 1? 2x to 5x are how many passes are done over memory (ignoring the initialization of memory). This is what I came up with here: http://article.gmane.org/gmane.comp.security.phc/2550 This was just my attempt at coming up with useful settings to compare algorithms and Milan Broz was awesome enough to run them. > I think only behavior with the lowest supported t_cost matters > for selection of a scheme, whereas exactly how higher t_cost affects the > behavior is merely additional information to be used for fine-tuning. > Yes but using minimum t_cost has problems because some algorithms aren't memory hard at those levels. I assume when the winner is picked we'll have minimum settings that aren't broken. I personally think that any setting that allows for TMTO is broken. Thus why I started at 2x. Also there are multiple because battcrypt, POMELO, and Pufferfish don't use t_cost linearly. Well yescyrpt too but that's just the first two that are weird.
Powered by blists - more mailing lists