| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Feb 2014 19:47:28 +0400 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] multiply-hardening (Re: NoelKDF ready for submission) On Thu, Feb 13, 2014 at 09:44:13AM -0500, Bill Cox wrote: > On Wed, Feb 12, 2014 at 11:16 AM, Solar Designer <solar@...nwall.com> wrote: > > BTW, you might not need the "| 3" when you do 32x32->64. Your rationale > > for the "| 3" was to preserve entropy, but 32x32->64 is lossless (in > > fact, it's reversible, which might allow for attacks - you might need > > something else instead of the "| 3", perhaps after the multiply, to make > > it one-way). > > > > Alexander > > In the version of this I tested, I make "value" (horrible name...) > 64-bit, so the cast to 32-bit is not reversible, so there's no problem > there. However, without the "| 3", I see that most of the LSBs after > 1B iterations of the hash loop are 0. Oh, I think you need to be passing "value" (or whatever other small state you have) through a crypto hash once in a while. Letting a billion iterations of non-crypto hashing accumulate is unjustified risk. There's little reduction in speed if you invoke a crypto hash before and/or after every block processed (IIRC, you call it a "page"). In fact, once we add low-level parallelism we also need something very much like a crypto hash to be applied at least once or twice per block anyway, for data mixing between the parallel lanes - and we can just go ahead and use a crypto hash there (as long as the block is large enough for this to be affordable). (I am experimenting with this for a revision of escrypt.) Alexander
Powered by blists - more mailing lists