Message-ID: <CAOLP8p7qN-h6Gd2F+n=9mE9j2sKdxVDyzzKNyjTdgCLtbEjUvw@mail.gmail.com>
Date: Wed, 26 Mar 2014 08:40:34 -0400
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: The SkinnyCat lives

In case anyone's interested, I've checked in a reference
implementation of "SkinnyCat", a stripped-down version of TwoCats.
It's in the skinnycat subdirectory of twocats, which as always, is at:

    https://github.com/waywardgeek/twocats

It came out nicer than I thought it would.  The purpose of SkinnyCat
is to be simple to implement while providing "good-enough" memory-hard
password security for applications that need a simpler PHS than
TwoCats.

Basically, it still hashes memory in two loops, the first one being
resistant to cache-timing attacks, and the second loop being
unpredictable to increase defense against brute force guessing
attacks.  It results in a 256 bit hash, and works currently with
Blake2s and SHA256.  It's a bit over 200 lines of code.  It takes only
one cost parameter: memCost, which causes it to hash 1KiB * 2^memCost.
The reference implementation hashes 2GiB in 0.451 seconds on my
3.4GHz Ivy Bridge Core i7, using 1 thread.  It does 16MiB in 4ms.
There's room for some speed improvement with SSE/AVX2 optimization,
but I'm not planning on complicating this little project that way.
TwoCats on one thread does 2GiB of SkinnyCat hashing in 0.425 seconds,
with SSE2 optimization.

The reference TwoCats main.c wrapper implements a SkinnyCat interface
with the -a skinnycat flag, and I've verified it generates the same
hashes for memCost up to 21.

I'm still working on updating the documentation to include SkinnyCat,
but the code should be pretty clear.

Bill
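
Added example, not part of the message above and not the SkinnyCat code: a simplified Python sketch of the two-loop structure the post describes, where the first loop picks addresses from the block index only (cache-timing resistant) and the second picks them from block contents (unpredictable). The address formulas, the block expansion and the names `two_loop_hash` and `_expand` are assumptions made for illustration; only BLAKE2s, the 256-bit output and the 1 KiB * 2^memCost sizing come from the post.

```python
import hashlib

BLOCK = 1024  # bytes per block; the post sizes memory as 1 KiB * 2^memCost


def _expand(seed: bytes) -> bytes:
    """Stretch a 32-byte seed to one BLOCK with BLAKE2s in counter mode (assumed)."""
    return b"".join(
        hashlib.blake2s(seed + n.to_bytes(4, "little")).digest()
        for n in range(BLOCK // 32)
    )


def two_loop_hash(password: bytes, salt: bytes, mem_cost: int):
    """Return (256-bit digest, addresses read per block, bytes of memory filled)."""
    n_blocks = 1 << mem_cost
    if n_blocks < 4:
        raise ValueError("mem_cost must be at least 2 so both loops run")
    # Length-prefix the password so (password, salt) pairs cannot collide.
    seed = hashlib.blake2s(
        len(password).to_bytes(4, "little") + password + salt
    ).digest()
    mem = [_expand(seed)]
    reads = []
    for i in range(1, n_blocks):
        if i < n_blocks // 2:
            # Loop 1: the address depends on the index only, so the memory
            # access pattern reveals nothing about the password.
            idx = hashlib.blake2s(i.to_bytes(8, "little")).digest()
            addr = int.from_bytes(idx[:8], "little") % i
        else:
            # Loop 2: the address comes from the previous block's contents,
            # so it cannot be known without computing that block first.
            addr = int.from_bytes(mem[i - 1][:8], "little") % i
        reads.append(addr)
        mix = hashlib.blake2s(mem[i - 1] + mem[addr]).digest()
        mem.append(_expand(mix))
    return hashlib.blake2s(mem[-1]).digest(), reads, n_blocks * BLOCK


if __name__ == "__main__":
    digest, reads, filled = two_loop_hash(b"constructed password", b"salt", 6)
    print(digest.hex(), filled, "bytes filled")
```

Comparing the returned address lists for two different passwords shows the property directly: the first half of the list is identical, the second half diverges.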
