Open Source and information security mailing list archives
Message-ID: <530F926A.80402@defuse.ca>
Date: Thu, 27 Feb 2014 12:30:50 -0700
From: Taylor Hornby <havoc@...use.ca>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] "Predictable" vs "pseudorandom" KDFs

On 02/27/2014 06:45 AM, Bill Cox wrote:
> I need a short name for cache-timing-attack resistant KDFs which do no
> password dependent memory addressing. I use the phrase 20 times in my
> paper, and "KDFs which do no password dependent memory addressing" is
> a mouthful. I also use "KDFs which do password dependent addressing
> from the start" about 20 times, and I discuss my "hybrid" version,
> which like Scrypt, does the no-password-addressing thing in the first
> loop, and does the password-dependent thing in the second.
>
> Could we call the first type "predictable" KDFs, since they do only
> predictable address lookups? The second type could be "pseudorandom"
> KDFs. Are these good names? I find it is hard for a group to discuss
> ideas that have no concise name.
>

I feel like "predictable" without any other qualifications would
conflict too much with other uses, e.g. RNGs and PRGs.

How about "blinded" and "unblinded" (or "nonblinded")?

--
Taylor Hornby
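The two addressing styles under discussion, as an added toy illustration that is not code from this thread, from scrypt, or from any PHC entry: a scrypt-shaped KDF whose first loop touches memory on a fixed schedule and whose second loop picks addresses from the secret running state. The compression step is plain SHA-256 and the salt value is constructed; both are assumptions made only to keep the example self-contained. Recording the address trace of each loop shows why the first loop reveals nothing about the password to an observer of memory access patterns while the second loop does.

```python
import hashlib


def _h(data: bytes) -> bytes:
    """Compression step for the toy KDF: plain SHA-256 (a stand-in, not a real PHC design)."""
    return hashlib.sha256(data).digest()


def toy_hybrid_kdf(password: bytes, salt: bytes, n: int = 16):
    """Toy scrypt-shaped KDF with two loops over an n-block table.

    Loop 1 ("blinded" / predictable): fills the table sequentially, so the
    addresses touched follow a fixed schedule independent of the password.
    Loop 2 ("unblinded" / pseudorandom): reads table entries at indexes
    derived from the running state, so the addresses depend on the password.
    Returns (derived_key, loop1_addresses, loop2_addresses).
    """
    state = _h(password + salt)
    table = []
    loop1 = []
    for i in range(n):
        table.append(state)
        loop1.append(i)  # address chosen by the loop counter only
        state = _h(state)

    loop2 = []
    for _ in range(n):
        j = int.from_bytes(state[:4], "big") % n  # address chosen by secret state
        loop2.append(j)
        state = _h(state + table[j])
    return state, loop1, loop2


def addressing_is_password_independent(pw_a: bytes, pw_b: bytes,
                                       salt: bytes = b"constructed-salt"):
    """Compare the address traces of two passwords under the same salt.

    Returns (loop1_same, loop2_same). A cache-timing observer who can see
    which table entries are read learns nothing from a loop whose trace is
    the same for every password, and learns a password-dependent fingerprint
    from a loop whose trace differs.
    """
    _, a1, a2 = toy_hybrid_kdf(pw_a, salt)
    _, b1, b2 = toy_hybrid_kdf(pw_b, salt)
    return a1 == b1, a2 == b2
```
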