| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGZ8ZG0u5MbSD3dsthajNf41=UudT4fP5ky1RgiAk0aUSSHMTw@mail.gmail.com> Date: Sun, 17 Feb 2013 00:00:32 -0800 From: Trevor Perrin <trevp@...vp.net> To: Marsh Ray <maray@...rosoft.com> Cc: Jeremi Gosney <epixoip@...dshell.nl>, Jens Christian Hillerup <jens@...lerup.net>, Jens Steube <jens.steube@...il.com>, "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Different cost settings and optional input On Sat, Feb 16, 2013 at 11:18 PM, Marsh Ray <maray@...rosoft.com> wrote: > >> Are we going to be awarding points at all? Is this how we'll be determining >> the winner(s)? Maybe, or maybe not. > > I have no idea, except that fairness requires us to document the criteria as well as possible in advance. > > It may be that, like the SHA-3 competition, we learn a lot during the process itself. Therefore, having multiple rounds of the competition will be important. To Marsh's point - Would it be worth having quicker (and perhaps more) competition rounds? The current timeline is: ~1 year for proposals ~1 more year for selection If most submissions are built atop standard crypto, then extensive cryptanalysis shouldn't be required. I'd think the main effort will be evaluating strategies for maximizing the attacker-hardness / good-guy easiness ratio. So might it be valuable to get some rough candidates quickly - perhaps a "trial round" of submissions in 3 or 6 months, so people can get a sense of the design space, and start developing evaluation metrics and testbeds? Trevor
Powered by blists - more mailing lists