| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Jan 2014 09:19:02 +0100 From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Proposed timeline changes Thanks Alex for the constructive feedback. I guess we won't need a formal definition of tweak, it's rather a I-know-it-when-I-see-it: it should be a modification of the submitted algorithm rather than a radically new algorithms, such that the modified algorithm should not differ too much from the original one. In previous competitions (AES, eSTREAM, SHA-3), I did not feel that there was a significant need for "knowledge resuse", however I understand that the case of password hashing may be specific. I agree that it may be sensible to decide on the competition structure (whether and when to shortlist, tweak, etc.) based on the knowledge of the submissions received. This afternoon I'm presenting PHC at the Symmetric Crypto seminar in Dagstuhl (http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021). I'm planning to announce the new submission deadline (March 31). On Sun, Jan 5, 2014 at 10:24 AM, Solar Designer <solar@...nwall.com> wrote: > On Sun, Jan 05, 2014 at 09:55:28AM +0100, Jean-Philippe Aumasson wrote: >> 1) Move the submission deadline from January 31 to March 31 (with unchanged >> requirements) >> >> 2) Agree on a new tentative timeline before March 31 (which may be further >> revised depending on the quantity and quality of submissions) >> >> Any objection? > > No objections from me. > >> On Jan 5, 2014 9:41 AM, "Jean-Philippe Aumasson" <jeanphilippe.aumasson@...il.com> wrote: >> > However we won't accept submissions after the initial deadline. And round >> > 2 is about shortlisting a few submissions rather than receiving new ones. >> > The game has to have rules :) >> > >> > What do other panel members think? > > I think many (if not all) of us are going to learn a few things from > each other's submissions. It is important to let us reuse this > knowledge in revised submissions, and this may require more than tweaks. > > I am also unsure of what qualifies as a mere tweak and what does not, > and whether adding an extra password hashing scheme variation or extra > mode of operation (e.g., a scripting language friendly one to a > submission previously friendly to native code only) falls under "tweaks" > or not. (Obviously, I am assuming that the test vectors will differ. > If they don't, it's a mere implementation change, which is not in any > way limited by PHC rules.) > > The scripting language example is not an arbitrary one. What I am > seeing so far is that all new designs being discussed so far focus on > native code only, so far. Yet I think that given more time, having > received initial reviews/feedback, and having seen each other's > submissions, some of those same teams may come up with variations of > their schemes intended for scripting languages. It just feels premature > to work on that yet. > > The game does have to have rules, but not necessarily the exact rules > outlined in the provisional timeline so far. If you feel that we need a > round where we'd shortlist a few finalists, then I think we potentially > need an extra round (before the shortlisting) for the knowledge reuse. > > We might have a slightly better idea on whether the shortlisting round > is needed if we ask would-be submitters to announce their plans to > submit by/on the previously scheduled date of January 31 (so it won't be > a surprise to them that something is expected from them by then, and > it'd be a relief that less is expected and they have 2 more months for > the actual submissions). > > Alexander
Powered by blists - more mailing lists