lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 09 Jan 2014 10:14:17 +0100
From: Christian Forler <christian.forler@...-weimar.de>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Lyra, Password Key Derivation Based On The Sponge Construction

On 09.01.2014 01:43, Bill Cox wrote:
> Wow... MD5crypt.  I am a noob, and I've been telling my wife that I've
> name an algorithm after my cat.
> 
> Sorry about being noisy.  I'm just looking for every opportunity to push
> my primary point about the design of memory-hard KDFs: they should be
> fast, fill lots of memory, and any CPU cycles wasted on computing a
> crypto-strength hash per memory location is a waste of time.


"All of our methods for doing this involve finding some function F()
which approximates a random function and which requires roughly 2^t
work to compute." -- https://www.schneier.com/paper-low-entropy.html

It is quite hard so show such a behavior for a algorithm F() which is
not based on a cryptographic primitive. Moreover, the random function
approx. property is crucial since a cryptographic key is assumed to be
random.

Best regards,
Christian



Download attachment "signature.asc" of type "application/pgp-signature" (552 bytes)

Powered by blists - more mailing lists