lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Feb 2013 00:00:32 -0800
From: Trevor Perrin <trevp@...vp.net>
To: Marsh Ray <maray@...rosoft.com>
Cc: Jeremi Gosney <epixoip@...dshell.nl>, Jens Christian Hillerup <jens@...lerup.net>, 
	Jens Steube <jens.steube@...il.com>, 
	"discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Different cost settings and optional input

On Sat, Feb 16, 2013 at 11:18 PM, Marsh Ray <maray@...rosoft.com> wrote:
>
>> Are we going to be awarding points at all?  Is this how we'll be determining
>> the winner(s)?  Maybe, or maybe not.
>
> I have no idea, except that fairness requires us to document the criteria as well as possible in advance.
>
> It may be that, like the SHA-3 competition, we learn a lot during the process itself. Therefore, having multiple rounds of the competition will be important.

To Marsh's point -

Would it be worth having quicker (and perhaps more) competition rounds?

The current timeline is:
 ~1 year for proposals
 ~1 more year for selection

If most submissions are built atop standard crypto, then extensive
cryptanalysis shouldn't be required.  I'd think the main effort will
be evaluating strategies for maximizing the attacker-hardness /
good-guy easiness ratio.

So might it be valuable to get some rough candidates quickly - perhaps
a "trial round" of submissions in 3 or 6 months, so people can get a
sense of the design space, and start developing evaluation metrics and
testbeds?


Trevor

Powered by blists - more mailing lists