lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 25 Jan 2014 19:30:35 -0500
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Initial (non-proof-read) NeolKDF paper

On Sat, Jan 25, 2014 at 5:22 PM, Gary W. Hvizdak
<gary.hvizdak@....rr.com> wrote:

> Bill,
>
>     In 2.1 Simplified NoelKDF, the statement ...
>
>     value = value*(mem[prevAddr++] | 3) + mem[randAddr++];
>
> ... is equivalent to ...
>
>   switch ( mem[prevAddr++] | 3 )
>   {
>     case 0 : value = mem[randAddr++];                         break;
>     case 1 : value = mem[randAddr++] + value;                 break;
>     case 2 : value = mem[randAddr++] +         (value << 1);  break;
>     case 3 : value = mem[randAddr++] + value + (value << 1);  break;
>     default :
>   }
>
> ... which is surely the route an attacker would take.
>
> Cheers,
> Gary

Thanks for reading it so carefully.  I meant the | operator to mean
bit-wise OR, as it is used in C and C++.  I've seen some papers use it
for concatenation instead.  What it does is set the low two bits to 1,
but the upper 30 bits are unchanged.  To be reversable, a 32x32 -> 32
unsigned multiply needs to have one operand be odd.  I found that with
out an | operator to make one operand odd, I could not pass the
dieharder tests.  I also found that I get more rapid mixing when some
of the input has a lot of 0's with 3 rather than 1, so I changed it to
3.  Perhaps I should have left it as 1, since I've gone back to using
SHA-256 to fill the entire first block of memory with high quaility
pseudo-random data.

I'm sure I have other errors.  I wrote the code, and then used it as a
reference for the pseudo code.  I rarely type that much code and have
it compile the first time, especially with fairly poor vision.

I've been sick for days, and I can't think of anything to do other
than sit at my computer being miserable and editing hashing code.  I
wasn't going to bother writing the paper, since I hate writing so
much, but since I've gotten this far, I'll probably submit it.  I'm
checking in an update now.

Bill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ