Message-ID: <20140227201139.GA13044@openwall.com>
Date: Fri, 28 Feb 2014 00:11:39 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] "Predictable" vs "pseudorandom" KDFs
On Thu, Feb 27, 2014 at 12:30:50PM -0700, Taylor Hornby wrote:
> On 02/27/2014 06:45 AM, Bill Cox wrote:
> > I need a short name for cache-timing-attack resistant KDFs which do no
> > password dependent memory addressing. I use the phrase 20 times in my
> > paper, and "KDFs which do no password dependent memory addressing" is
> > a mouthful. I also use "KDFs which do password dependent addressing
> > from the start" about 20 times, and I discuss my "hybrid" version,
> > which, like Scrypt, does the no-password-addressing thing in the first
> > loop, and does the password-dependent thing in the second.
> >
> > Could we call the first type "predictable" KDFs, since they do only
> > predictable address lookups? The second type could be "pseudorandom"
> > KDFs. Are these good names? I find it is hard for a group to discuss
> > ideas that have no concise name.
>
> I feel like "predictable" without any other qualifications would
> conflict too much with other uses
Definitely.
> How about "blinded" and "unblinded" (or "nonblinded")?
I dislike these because they emphasize the way of achieving something rather
than the end result itself, and in fact blinding might not always be
the way (and in Bill's example is not).
How about "cache timing safe" and "cache timing unsafe"?
Alexander
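To make the distinction under discussion concrete, here is a toy two-phase KDF in the scrypt-like "hybrid" shape Bill describes; it is an added illustration, not code from this thread or from any PHC candidate, and it assumes SHA-256 as a stand-in block function and a 16-block memory. Running it with two different passwords shows that the phase-1 address sequence is identical (password-independent, hence cache-timing safe) while the phase-2 address sequence differs (password-dependent, hence cache-timing unsafe).

```python
import hashlib

MEM_BLOCKS = 16  # constructed: tiny memory array, enough to show the address traces


def _h(*parts: bytes) -> bytes:
    # Stand-in for a real KDF's block mixing function (assumption: SHA-256).
    return hashlib.sha256(b"".join(parts)).digest()


def toy_hybrid_kdf(password: bytes, salt: bytes):
    """Return (derived_key, phase1_trace, phase2_trace) for a scrypt-like toy KDF.

    Phase 1 ("predictable"): block i is computed from block i-1, so the memory
    address touched at each step is fixed by the loop counter, not by the password.
    Phase 2 ("pseudorandom"): the block read at each step is chosen by the running
    state, which depends on the password, so the address sequence leaks into
    cache-timing side channels.
    """
    state = _h(password, salt)
    mem = []
    phase1_trace = []
    for i in range(MEM_BLOCKS):
        phase1_trace.append(i)            # address depends only on i
        state = _h(state)
        mem.append(state)

    phase2_trace = []
    for _ in range(MEM_BLOCKS):
        j = int.from_bytes(state[:4], "little") % MEM_BLOCKS
        phase2_trace.append(j)            # address depends on secret state
        state = _h(state, mem[j])
    return state, phase1_trace, phase2_trace


def addressing_is_password_dependent(pw_a: bytes, pw_b: bytes, salt: bytes):
    """Return (phase1_differs, phase2_differs) for two passwords under one salt."""
    _, t1a, t2a = toy_hybrid_kdf(pw_a, salt)
    _, t1b, t2b = toy_hybrid_kdf(pw_b, salt)
    return t1a != t1b, t2a != t2b


if __name__ == "__main__":
    p1, p2 = addressing_is_password_dependent(b"correct horse", b"battery staple", b"salt")
    print("phase 1 addressing depends on password:", p1)
    print("phase 2 addressing depends on password:", p2)
```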