Date: Thu, 27 Feb 2014 12:30:50 -0700
From: Taylor Hornby <>
Subject: Re: [PHC] "Predictable" vs "pseudorandom" KDFs

On 02/27/2014 06:45 AM, Bill Cox wrote:
> I need a short name for cache-timing-attack resistant KDFs which do no
> password dependent memory addressing.  I use the phrase 20 times in my
> paper, and "KDFs which do no password dependent memory addressing" is
> a mouthful.  I also use "KDFs which do password dependent addressing
> from the start" about 20 times, and I discuss my "hybrid" version,
> which like Scrypt, does the no-password-addressing thing in the first
> loop, and does the password-dependent thing in the second.
> Could we call the first type "predictable" KDFs, since they do only
> predictable address lookups?  The second type could be "pseudorandom"
> KDFs.  Are these good names?  I find it is hard for a group to discuss
> ideas that have no concise name.

I feel like "predictable" without any other qualifications would
conflict too much with other uses, e.g. RNGs and PRGs.

How about "blinded" and "unblinded" (or "nonblinded")?

Taylor Hornby
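An added illustration of the distinction the thread is naming, written for this page rather than taken from the thread, from scrypt, or from any PHC submission: a toy two-loop function in the scrypt style, where the first loop fills memory with a fixed, password-independent address sequence ("blinded") and the second loop chooses which block to read from the running state, which depends on the password ("unblinded"). The function returns the address trace of each loop so the difference an attacker observing cache timing would see can be checked directly. The hash choice, block count `n` and the way the second-loop index is derived are assumptions for the toy, not the construction of any real KDF.

```python
import hashlib
from typing import Dict, List, Tuple


def H(*parts: bytes) -> bytes:
    """Hash helper (BLAKE2b-256). Any collision-resistant hash would do here."""
    h = hashlib.blake2b(digest_size=32)
    for p in parts:
        h.update(p)
    return h.digest()


def toy_hybrid_kdf(password: bytes, salt: bytes, n: int = 64) -> Tuple[bytes, List[int], List[int]]:
    """Toy scrypt-style hybrid: blinded fill loop, then unblinded mixing loop.

    Constructed example only; it is not scrypt and is not meant to be secure.
    Returns (output, loop1_addresses, loop2_addresses) so the memory access
    pattern of each loop can be compared across passwords.
    """
    x = H(password, salt)
    v: List[bytes] = []
    loop1_addrs: List[int] = []
    loop2_addrs: List[int] = []

    # Loop 1 ("blinded"): write v[0], v[1], ..., v[n-1] in order. The
    # addresses touched are the same for every password; only the block
    # contents are secret, so cache timing reveals nothing about the password.
    for i in range(n):
        v.append(x)
        loop1_addrs.append(i)
        x = H(x)

    # Loop 2 ("unblinded"): the block read at each step is selected from the
    # running state x, which is a function of the password. The sequence of
    # addresses is therefore password dependent and observable via cache timing.
    for _ in range(n):
        j = int.from_bytes(x[:8], "little") % n  # assumed index derivation for the toy
        loop2_addrs.append(j)
        x = H(x, v[j])

    return x, loop1_addrs, loop2_addrs


def compare_traces(pw_a: bytes, pw_b: bytes, salt: bytes, n: int = 64) -> Dict[str, bool]:
    """Run the toy KDF on two passwords and report which traces coincide."""
    out_a, a1, a2 = toy_hybrid_kdf(pw_a, salt, n)
    out_b, b1, b2 = toy_hybrid_kdf(pw_b, salt, n)
    return {
        "loop1_trace_equal": a1 == b1,   # expected True: blinded loop
        "loop2_trace_equal": a2 == b2,   # expected False: unblinded loop
        "outputs_equal": out_a == out_b,
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    print(compare_traces(b"correct horse", b"battery staple", b"example-salt", 32))
```

For a fully blinded design every loop would look like loop 1 (addresses fixed by the parameters alone); for a fully unblinded design every loop would look like loop 2; the hybrid above, like scrypt, does one of each.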
