lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jan 2014 15:28:54 -0200 (BRDT)
Subject: Re: [PHC] Lyra,
      Password Key Derivation Based On The Sponge Construction

Hi everyone.

Yes, we are aware and following the list :)

Actually, Lyra was a petty project of mine prior to PHC, but became my
(and now my students') "favorite child" after we heard about the

We are currently working on some improvements both in terms of speed and
on the security proof, especially considering Catena's (awesome!) work on
formalizing its security based on DAGs and on Bill Cox's (also awesome!)
discussion on how to build the initial matrix.

Since you guys were so helpful with providing us with new ideas, we will
quite soon share them here (I believe this spirit of collaboration will
certainly lead to great candidates!).

BTW, the article as it appears in JCEN contains a slightly outdated Setup
phase (too many hands working on the same SVN repository and too few
revising...), which allows unwanted speed-ups when the attacker stores
intermediate sponge states. Since we only recently discovered the error in
the printed document, we are preparing an errata for our website
(hopefully we will also be able to change the pre-print at JCEN), so the
security analysis as is holds. The algorithm as implemented in the website
is correct, though.


Marcos Simplicio.

> On 1/7/2014 4:34 AM, Jean-Philippe Aumasson wrote:
>> A future PHC candidate?
> Actually, looking at Lyra.c, it seems they are already aware of the
> competition:
> int PHS(void *out, size_t outlen, const void *in, size_t inlen, const
> void *salt, size_t saltlen, unsigned int t_cost, unsigned int m_cost){
>     return lyra(in, inlen, salt, saltlen, t_cost, 64, m_cost, outlen,
> out);
> }

Powered by blists - more mailing lists