Date: Thu, 23 Jan 2014 14:02:26 +0100
From: Christian Forler <>
Subject: Re: [PHC] Computational comparison of 3 schemes...

On 23.01.2014 13:03, Bill Cox wrote:

> In contrast, Catena-3 already is optimized for only using 1/4 of the
> memory compared to the graph size, without complicating the algorithm.
> This observation lets me say with confidence that in timing-resistant
> mode, Catena-3 is simply the best of the three, without having to add
> any disclaimers about using less memory than the others.

> Now your implementation still needs to be optimized. 

Yes. You are right, the current reference implementation is a little bit
slowish. :-)

> I really do believe you should have a version optimized to be
> multiply-time-limited in the inner loop with a simpler faster hash
> function than Blake2.  That would increase your memory usage 10X, so
> you'd also have to use larger block sizes.

Maybe you are right. :)

> Please tell me you guys are at least trying this.  If not, would you
> mind if I do a "friendly fork" of Catena, minimally modified to be 10X
> faster, and compute-time hardened against ASIC attacks?  By friendly
> fork, I mean a fork on github where I beg you to pull the changes, and
> which goes away if you do.

You are welcome to fork Catena. I add you as a Collaborator. So feel
free to add an optimized version of Catena.

Best regards,
