lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Sep 2016 09:08:00 +0000
From: Gregory Maxwell <gmaxwell@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Can we add back Argon2id?

On Mon, Sep 26, 2016 at 8:21 AM, Krisztián Pintér <pinterkr@...il.com> wrote:
> On Fri, Sep 23, 2016 at 10:32 PM, Bill Cox <waywardgeek@...il.com> wrote:
>> Can we add back Argon2id?
>
> one vote against. if the attack model includes side channels, 2i is
> the way to go. if it does not, 2d. 2id would be useful if the attack
> model sorta included side channels, but sorta didn't. or we don't
> care, but want to check the box. i don't see the realism in this
> scenario.

My understanding is that 2id addresses the case where the sidechannel
concern is that the sidechannel allows fast memory free elimination of
candidate passwords, but otherwise you don't care about the side
channel.

Personally, I was disappointed that PHC anointed anything which wasn't
at least this strong-- sidechannels are a reality and are fiendishly
difficult to defend against except by architecture. It seems
irresponsible to disregard them as completely as fully dynamic
algorithms do.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ