lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 09 Jan 2014 10:56:25 +0100
From: Christian Forler <christian.forler@...-weimar.de>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] What's your favorite entry so far, and why?

On 09.01.2014 04:07, Bill Cox wrote:

> From a theoretical point of view, Catena wins so far.  Avoiding cache
> timing attacks is desirable, and Catena shows how to do it.  I am
> concerned that the authors recommend only 10-ish MB of memory, when
> escrypt can hash 1GB in a second.  Protection in memory-hard KDFs is
> proportional to memory used!  While I'm a fan of the algorithm, if
> Catena were more speed competitive, I would consider it a stronger
> candidate.

Do you really want to allocate 1GB of RAM on a tablet or smartphone to
perform the login process? A lot of those devices have less then
1GB of RAM. In general I'm not convinced that a significant amount of
useres/admins are not pleased with a login process that
allocates a huge amount of the systems RAM. On many host, such a
solution will virtually enforce swapping. Just saying. :-)


We designed Catena to run smoothly on (almost) any modern computer
without causing extra pain for regular users/admins.


Best regards,
Christian



Download attachment "signature.asc" of type "application/pgp-signature" (552 bytes)

Powered by blists - more mailing lists