lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jul 2015 01:24:57 +0200
From: Alex Biryukov <alex.biryukov@....lu>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Memory-hard proof of work with fast verification (CPU Hash)

On Mon, Jul 6, 2015 at 11:24 PM, Bill Cox <waywardgeek@...il.com> wrote:

> On Mon, Jul 6, 2015 at 1:56 PM, Solar Designer <solar@...nwall.com> wrote:
>
>> On Mon, Jul 06, 2015 at 08:25:48PM +0000, Zooko Wilcox-O'Hearn wrote:
>> > Forgive me if this is a naive question, but if you wanted a
>> > Proof-of-RAM for a cryptocurrency to be ASIC-resistant and (maybe)
>> > GPU-resistant (and I do want that!), then what's wrong with Argon2d
>> > with memory size = 1 GiB?
>>
>> I guess Bill meant the "fast verification" bit in the Subject.  Filling
>> 1 GiB isn't as fast as Bill would like verification to be.
>>
>
> Yep.  1 GiB would make block-chain verification too slow.  This trade-off
> is why LiteCoin is facing an ASIC crisis
> <https://bitcoinmagazine.com/11125/asics-litecoin-come/>.
>


If we want desktop mining back we need 1-2 GiB for botnet resistance,
unless anyone has a better idea. It's not slow with rapid verification.


Alex

Content of type "text/html" skipped

Powered by blists - more mailing lists