| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52E112E2.2000802@uni-weimar.de>
Date: Thu, 23 Jan 2014 14:02:26 +0100
From: Christian Forler <christian.forler@...-weimar.de>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Computational comparison of 3 schemes...
On 23.01.2014 13:03, Bill Cox wrote:
> In contrast, Catena-3 already is optimized for only using 1/4 of the
> memory compared to the graph size, without complicating the algorithm.
> This observation lets me say with confidence that in timing-resistant
> mode, Catena-3 is simply the best of the three, without having to add
> any disclaimers about using less memory than the others.
> Now your implementation still needs to be optimized.
Yes. You are right, the current reference implementation is a little bit
slowish. :-)
> I really do believe you should have a version optimized to be
> multiply-time-limited in the inner loop with a simpler faster hash
> function than Blake2. That would increase your memory useage 10X, so
> you'd also have to use larger block sizes.
Maybe you are right. :)
> Please tell me your guys are at least trying this. If not, would you
> mind if I do a "friendly fork" of Catena, minimally modified to be 10X
> faster, and compute-time hardened against ASIC attacks? By friendly
> fork, I mean a fork on github where I beg you to pull the changes, and
> which goes away if you do.
Your are welcome to fork Catena. I add you as a Collaborator. So feel
free to add an optimized version of Catena.
Best regards,
Christian
Download attachment "signature.asc" of type "application/pgp-signature" (535 bytes)
Powered by blists - more mailing lists