lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jan 2014 15:57:50 -0200 (BRDT)
Subject: Re: [PHC] Lyra,
      Password Key Derivation Based On The Sponge Construction


Well, this was an initial presentation trying to explain why using memory
is an interesting idea: the numbers in the mentioned slide are completely
bogus, but could be achieved using PBKDF-MD5 or some other scheme, and
that is the idea behind the text.

But I fully agree that naively mentioning this speed for MD5 is completely
misleading (it is better to simply say "a KDF"). Thank you for pointing it


Marcos Simplicio.

> On 1/7/2014 4:34 AM, Jean-Philippe Aumasson wrote:
>> A future PHC candidate?
> Hm. If I understand the concept correctly, this is sort of similar to
> the candidate I have been working on.
> However, in the presentation linked on that site, the assertion on slide
> 8.2 (K20X only pulling 1.3 MH/s on MD5) is ludicrious. They're off by
> three orders of magnitude, and then some. In reailty, the K20X can pull
> about 5 GH/s on MD5, which is about what they reckoned the GPU could do
> per hour. This leads me to believe they don't really have a firm grasp
> on the attack landscape, which might mean they do not understand how an
> attacker might implement and optimize Lyra. I'd have to study it more to
> see if their claims hold up.
> But yes, I think someone should reach out to them and see if they wish
> to participate.

Powered by blists - more mailing lists