lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Dec 2013 22:50:32 +0000
From: Peter Maxwell <>
Subject: Re: [PHC] Initial hashing function. Feedback welcome

On 29 December 2013 22:29, Bill Cox <> wrote:

> A weakness of the hashing function vs scrypt is that it is a simple
> non-cryptographic hash, rather than script's Salsa20/8.  This is the
> primary reason it runs faster.  If we do not need a strong cryptographic
> hash, there is significant opportunity for improving performance.

Afaik, the important property is more that an adversary cannot calculate
what's at each memory location, in a random access model, in less cost than
a memory access.  Or, that the algorithm doesn't create clustered accesses
that can be calculated in a single independent segment.

> Is there any reason such a simple hash function should not be used?  I am
> particularly interested in feedback on this point.

​As far as I know, as long as what you've generated has some fairly basic
properties and would cost more to calculate than the relevant memory
access, you're fine.​  I'm open to being corrected though: it's been a
while since I've done any reading on this and I'm not entirely convinced
memory-hard functions are the silver bullet they've been made out to be

Content of type "text/html" skipped

Powered by blists - more mailing lists