lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	14 Jun 2014 20:23:33 -0400
From:	"George Spelvin" <>
Subject: Re: random: Benchamrking fast_mix2

> I'll need to do a bit more looking to convince myself that 2
> iterations is better from a mixing perspective, but this looks like it
> might be a promising replacement for the 32-bit mixer.

This was tested with a hacked-up copy of Bob Jenkins' testing code.

It tests a few random starting values, and finds the minimum number of
outputs bits affected by an input delta for:

- Each input bit or pair of bits
- The function run forward or in reverse
- XOR, subtraction and addtion delta metrics.  (5x2 = 10 in total)

The example I posted:

// (29/66353) score = 49/121/123:  6 27 16 14

	a += b;			c += d;
	b = rol32(a, 6);	d = rol32(c, 27);
	d ^= a;			b ^= c;

	a += b;			c += d;
	b = rol32(a, 16);	d = rol32(c, 14);
	d ^= a;			b ^= c;

has, after 2 rounds, a minimum avalanche of 49 bits, taken over all of
the variables just mentioned.  The only thing maximized over is the
different starting values.

That seems adequate for something that's only being asked to preserve
1 bit of entropy.

(BTW, the way the deltas are defined, the maximum possibe score is 124.)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists