lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Jan 2014 20:53:55 -0800
From: "Dennis E. Hamilton" <>
To: <>
Cc: <>,
	"'Bill Cox'" <>
Subject: RE: [PHC] Initial (non-proof-read) NeolKDF paper

Kibbitzing for a moment:

If you don't know what the low order bit is, xor of an odd value doesn't guarantee that the result is odd.

The multiplication is kind of a congruential PRNG step modulo whatever the multiplier word size is.  My experience is that you need both terms of the multiplication to be odd to work well to avoid the poisoning effects of lots of trailing zeros in either multiplication operand.  (How that fits with regard to reversibility is not something I've thought about.)  

Now the problem is that the product is always odd.  I posit this can be cured by shifting the derived product right one bit.  This means you always have a 0 leading bit unless there is enough of the full product to shift a bit in from the higher-order "word" of the full product result. 

I have no idea whether this satisfies the constraints of the situation and whether it mucks with the "randomness."  It is just why you may want to force at least one, maybe both, numbers to odd going into the multiplication. 

 - Dennis

-----Original Message-----
From: Gary W. Hvizdak [] 
Sent: Saturday, January 25, 2014 16:37
Subject: RE: [PHC] Initial (non-proof-read) NeolKDF paper

I just wrote ...

    Oh duh!  I knew that you meant bitwise OR, but nevertheless my brain
read it as bitwise AND.  (Happens far too often.)


P.S.  Bill, why OR rather than XOR?

Powered by blists - more mailing lists