lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 22 Jan 2014 20:13:19 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Modified pseudo-random distribution in NoelKDF

On Wed, Jan 22, 2014 at 05:07:02PM +0400, Solar Designer wrote:
> On Wed, Jan 22, 2014 at 07:43:53AM -0500, Bill Cox wrote:
> > This reduced the 25% coverage attack to 24.5X penalty for a 1% cheat
> > killer pass.  I did the same for the sliding window.  I increased the
> > minimum edge length to pebble a node to 22,500 to keep it at 25.0%
> > pebble coverage, and the penalty dropped to 0.88X for my 1% pass.
> 
> What is meant by a penalty of 0.88X?

Oh, I guess this is 0.88X on top of the normal effort (non-TMTO),
meaning a 1.88X increase in total effort (for both loops combined).

Actually, I am surprised.  I thought the penalty would be less, if it's
just for the 1% pass and not also for the lookups needed during the
memory filling pass (why aren't you counting those?)

What penalties are you getting for 50% coverage?  Are they comparable to
my results here? -

http://www.openwall.com/lists/crypt-dev/2013/11/25/2

Yes, these were for a different anti-TMTO approach - with random writes
rather than random reads while filling memory - yet there's similarity.

Alexander

Powered by blists - more mailing lists