| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jan 2014 15:57:50 -0200 (BRDT)
From: mjunior@...c.usp.br
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Lyra,
Password Key Derivation Based On The Sponge Construction
Hi,
Well, this was an initial presentation trying to explain why using memory
is an interesting idea: the numbers in the mentioned slide are completely
bogus, but could be achieved using PBKDF-MD5 or some other scheme, and
that is the idea behind the text.
But I fully agree that naively mentioning this speed for MD5 is completely
misleading (it is better to simply say "a KDF"). Thank you for pointing it
out.
BR,
Marcos Simplicio.
> On 1/7/2014 4:34 AM, Jean-Philippe Aumasson wrote:
>> A future PHC candidate?
>> http://lyra-kdf.net/
>
> Hm. If I understand the concept correctly, this is sort of similar to
> the candidate I have been working on.
>
> However, in the presentation linked on that site, the assertion on slide
> 8.2 (K20X only pulling 1.3 MH/s on MD5) is ludicrious. They're off by
> three orders of magnitude, and then some. In reailty, the K20X can pull
> about 5 GH/s on MD5, which is about what they reckoned the GPU could do
> per hour. This leads me to believe they don't really have a firm grasp
> on the attack landscape, which might mean they do not understand how an
> attacker might implement and optimize Lyra. I'd have to study it more to
> see if their claims hold up.
>
> But yes, I think someone should reach out to them and see if they wish
> to participate.
>
>
Powered by blists - more mailing lists