lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c7f4045d2b80439190f0a97743f9dcd1@BLUPR03MB166.namprd03.prod.outlook.com>
Date: Wed, 7 Aug 2013 07:56:40 +0000
From: Marsh Ray <maray@...rosoft.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] A (naively?) simple PHC submission using hash chains

From: Steve Thomas [mailto:steve@...tu.com] 
Sent: Wednesday, August 7, 2013 12:39 AM
>
> I heard from Daniel Selifonov that the AES-NI are actually faster than saving the
> expanded key in memory. Anyone know if the AES-NI run in constant time? 

From:
http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/
http://download-software.intel.com/sites/default/files/article/165683/aes-wp-2012-09-22-v01.pdf 

"Beyond improving performance, the AES instructions provide important 
security benefits. By running in data-independent time and not using 
tables, they help in eliminating the major timing and cache-based 
attacks that threaten table-based software implementations of AES. In 
addition, they make AES simple to implement, with reduced code size,
which helps reducing the risk of inadvertent introduction of security 
flaws, such as difficult-to-detect side channel leaks."

Grøstl was a finalist in the SHA-3 competition which was able to benefit from AES-NI.
http://www.groestl.info/implementations.html


- Marsh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ