lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Mar 2014 10:11:20 +0100
From: beloumi <beloumi@...eup.net>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish


>> 2. Instead of replacing the s-box entries, wouldn't it be easy to expand
>> them to a memory-hard vector and use them piece by piece in the last
>> encryption step (that means: using a different s-box for each of the 64
>> encryptions or - more experimental - for each blowfish round)?
>> Please excuse that I write a comment although I have not fully reflect
>> the algorithm...
> Depending on the m_cost, doing so could break the memory hardness. Since
> only one s-box would be needed at a time, the attacker could hold each
> s-box in global memory and swap them into local memory when they are
> needed. Using each s-box simultaneously prevents this from occuring.
>
>
> Jeremi
>
>
You are right. And I think using the s-boxes simultaneously would not be
an easy solution as I expected.
But I agree to Bill, that increasing the memory cost of Pufferfish would
achieve more confidence, even if it is much less than other memory-hard
schemes. The authors of bcrypt thought (1999) of 14 KB as a „moderate“
memory amount. Maybe in this time „moderate“ means something like 1 MB.
I like Bcrypt and I would be glad if we could extend this algorithm for
the current requirements. Good luck, Jeremi!

Powered by blists - more mailing lists