| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <532FF6B8.5010000@riseup.net> Date: Mon, 24 Mar 2014 10:11:20 +0100 From: beloumi <beloumi@...eup.net> To: discussions@...sword-hashing.net Subject: Re: [PHC] pufferfish >> 2. Instead of replacing the s-box entries, wouldn't it be easy to expand >> them to a memory-hard vector and use them piece by piece in the last >> encryption step (that means: using a different s-box for each of the 64 >> encryptions or - more experimental - for each blowfish round)? >> Please excuse that I write a comment although I have not fully reflect >> the algorithm... > Depending on the m_cost, doing so could break the memory hardness. Since > only one s-box would be needed at a time, the attacker could hold each > s-box in global memory and swap them into local memory when they are > needed. Using each s-box simultaneously prevents this from occuring. > > > Jeremi > > You are right. And I think using the s-boxes simultaneously would not be an easy solution as I expected. But I agree to Bill, that increasing the memory cost of Pufferfish would achieve more confidence, even if it is much less than other memory-hard schemes. The authors of bcrypt thought (1999) of 14 KB as a „moderate“ memory amount. Maybe in this time „moderate“ means something like 1 MB. I like Bcrypt and I would be glad if we could extend this algorithm for the current requirements. Good luck, Jeremi!
Powered by blists - more mailing lists