| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJm83bAZo3y5a4Qw+i5nb6VvmFxqOn0gQfQrbKt0J8C2K5+vZA@mail.gmail.com> Date: Sun, 5 Jan 2014 11:47:36 -0500 From: Daniel Franke <dfoxfranke@...il.com> To: Krisztián Pintér <pinterkr@...il.com> Cc: discussions@...sword-hashing.net Subject: Re: [PHC] Proposed timeline changes On 1/5/14, Krisztián Pintér <pinterkr@...il.com> wrote: > > another way to go is to reduce the submission requirements. as of now, > a reference implementation and a large set of test vectors, as well as > discussion on performance, optimization possibilities, etc are > required. > > this might be problematic for a number of reasons. for example catena > is an abstract proposal, which is best discussed from theoretic > viewpoint. choosing the appropriate inner hash function is not > crucial, therefore could be skipped for now. > > the development time for any reference implementation that is actually > functional is a hassle. it has to be thoroughly tested and probably > reviewed by 3rd party, because a reference implementation with a bug > in it is not very useful. > > so if time pressure is an issue, and it is, i recommend dropping or > easing this requirement. I dislike this idea because not everybody is working in the same order. For example, EARWORM's reference and optimized implementations are already finished, and its spec nearly so, but the security and efficiency discussion is not yet written. If the deadline remains at Jan 31, the thoroughness of those sections is what will suffer. I doubt that there is any reduced set of requirements that will make everybody, or even most people, happy.
Powered by blists - more mailing lists