Date: Thu, 27 Feb 2014 08:45:42 -0500
From: Bill Cox <>
Subject: "Predictable" vs "pseudorandom" KDFs

I need a short name for cache-timing-attack resistant KDFs which do no
password-dependent memory addressing.  I use the phrase 20 times in my
paper, and "KDFs which do no password-dependent memory addressing" is
a mouthful.  I also use "KDFs which do password-dependent addressing
from the start" about 20 times, and I discuss my "hybrid" version,
which, like Scrypt, does the no-password-addressing thing in the first
loop, and does the password-dependent thing in the second.

Could we call the first type "predictable" KDFs, since they do only
predictable address lookups?  The second type could be "pseudorandom"
KDFs.  Are these good names?  I find it is hard for a group to discuss
ideas that have no concise name.
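
The three addressing styles named in the message, shown as an added example (not part of the original post and not code from the paper it mentions). It uses a toy two-loop construction, not scrypt or any real KDF; `toy_kdf`, `compare`, the mode names as strings, the salt and both passwords are constructed for illustration. The recorded read trace stands in for what a cache-timing observer could learn.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def idx(block: bytes, modulus: int) -> int:
    # Turn the first 4 bytes of a block into a memory index.
    return int.from_bytes(block[:4], "big") % modulus

def toy_kdf(password: bytes, salt: bytes, n: int, mode: str):
    """Toy memory-filling KDF. Returns (key, list of block indices read).

    mode 'predictable':  indices come from salt and loop counter only.
    mode 'pseudorandom': indices come from password-derived state from the start.
    mode 'hybrid':       first loop as 'predictable', second as 'pseudorandom'.
    """
    secret_first = mode == "pseudorandom"
    secret_second = mode in ("pseudorandom", "hybrid")
    mem, trace = [H(salt, password)], []
    for i in range(1, n):  # first loop: fill memory
        src = mem[i - 1] if secret_first else H(salt, i.to_bytes(4, "big"))
        j = idx(src, i)
        trace.append(j)
        mem.append(H(mem[i - 1], mem[j]))
    x = mem[-1]
    for i in range(n):  # second loop: mix over the filled memory
        src = x if secret_second else H(salt, (n + i).to_bytes(4, "big"))
        j = idx(src, n)
        trace.append(j)
        x = H(x, mem[j])
    return x, trace

def first_divergence(a, b):
    # Position of the first differing read, or None if the traces are identical.
    return next((k for k, (p, q) in enumerate(zip(a, b)) if p != q), None)

def compare(mode: str, n: int = 64, salt: bytes = b"constructed-salt"):
    # Same salt, two different passwords: where do the read traces part ways?
    _, t1 = toy_kdf(b"password one", salt, n, mode)
    _, t2 = toy_kdf(b"password two", salt, n, mode)
    return first_divergence(t1, t2)

if __name__ == "__main__":
    for mode in ("predictable", "pseudorandom", "hybrid"):
        print(f"{mode:13s} first password-dependent read at: {compare(mode)}")
```

A result of `None` means the access pattern carries no information about the password; for the hybrid mode the traces only diverge once the second loop begins, at trace position `n - 1` or later.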

