lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Mar 2014 01:24:08 -0700
From: Larry Bugbee <>
Subject: Re: [PHC] attacking and hardening escrypt

On Mar 10, 2014, at 12:29 AM, Solar Designer <> wrote:

> Also, I've been seriously considering using 32-bit lanes.  (This has
> some pros and cons.  Among the pros is better compatibility with Salsa20,
> where it'd let us ignore SIMD shuffling of 32-bit words.  escrypt
> currently has some extra complexity because of this shuffling, yet
> having its new sub-block mixing work on 64-bit lanes.)  I think that
> with careful design and with use of the variable S-boxes, 32-bit lanes
> would be OK in terms of issues described above, but they'd provide a
> smaller safety margin.  (Luckily, we're not talking cryptographic
> security here, but just attacks that would allow for computation of the
> hash with somewhat less resources than intended.)

A naïve question perhaps, but would 64-bit lanes incur an [unnecessary?] performance penalty for defender's implementations on 32-bit processors like ARM?  ...or could/should this be an adjustable parameter the site manager/sysadmin could set?

Powered by blists - more mailing lists