| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACsn0cngJJu-feOHBv5sNWCueevNf2iqGvP5DGPs0k-d8NTOyg@mail.gmail.com> Date: Sat, 14 Sep 2013 08:11:50 -0700 From: Watson Ladd <watsonbladd@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Fwd: [crypt-dev] Password Scrambling On Sat, Sep 14, 2013 at 5:10 AM, Krisztián Pintér <pinterkr@...il.com> wrote: > > > about catena, http://eprint.iacr.org/2013/525 > > i was about to open a conversation on iacr, but i can't register for some reason. > > on another forum, the concern came up that catena memory hardness might not hold on shared memory multi-cpu systems. > > i have an idea how to alter the black pebble game so it would model such systems. > > in the traditional game, one move is defined as > > 1. place a pebble if prev nodes are pebbled > 2. remove a pebble > 3. move a pebble (combined 1 and 2) > > in the parallel model, one move would be > > 1. place any number of pebbles if prev nodes are pebbled before the step > 2. remove any number of pebbles > 3. move any number of pebbles (combined 1 and 2) The issue here is the hidden pebble: In the pebble game we need temporary storage for the computed result. For example, take a bipartite graph. Then your parallel game lets it be done in one step, but this is only true if you have N processors. What's needed is limiting the number of pebbles in each step to k, where k is the number of processors. Circuit complexity is probably what we really want to deal with. > > > basically it would allow doing multiple steps in parallel if they don't depend on each other. > > maybe worth checking how catena performs in this model. > > > > > ---------- Forwarded message ---------- > > From: Christian Forler <christian.forler@...-weimar.de> > > Date: Mon, Sep 2, 2013 at 12:58 PM > > Subject: Re: [crypt-dev] Password Scrambling > > To: crypt-dev@...ts.openwall.com > > > > On 18.01.2013 22:13, Christian Forler wrote: > > [...] > > > >> Anyway! In the next couple of weeks, we will write an academic paper > >> introducing a new password scrambler (key derivation function). After > >> that, I will try to supply you with an abbreviated version of our > >> extended abstract, if desired. > > > > > > > > Sorry, for the long delay. But this work took a little longer than > > expected. Nevertheless, we came up with Catena, a new memory-hard > > password scrambler based on the bit reversal function. A detailed > > description of our scheme is available on eprint > > (http://eprint.iacr.org/2013/525). > > > > We hope you enjoy this work, and we look forward to fruitful > > discussions, comments, and criticism (on this mailing list). > > > > Kind regards, > > Christian > > > > > > > > > > > > ----- > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
Powered by blists - more mailing lists