lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jan 2016 18:44:02 +0100
From: Krisztián Pintér <pinterkr@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Re: Attack on Argon2i?


Bill Cox (at Tuesday, January 12, 2016, 6:30:07 PM):

> ./argon2memtest $((1 << 26))
> Max blocks used 12409040 out of 67108864.  Memory reduction 5.41X


i don't recall if i posted this to the list, but if not, i swear i'm
not making this up after this article :)

so i'm long since against pseudorandom but fix access patterns. first,
i don't see the benefit of a pseudorandom but fixed over a simple and
fixed. it is still fixed. second, i see the risk that anything chosen
randomly might be suboptimal. especially if it depends on a value
(like salt) out of control. i don't like their approach for the same
reason.

analogy: s-boxes. it is known, that random s-boxes are suboptimal in
comparison to carefully crafted ones. this is the expected thing,
since why would a random object be optimal? it only happens if the
vast majority of possible objects are optimal, which at least needs a
proof.

this is why i like catena's more scientific approach, or yes, my own
for that matter.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ