Date: Fri, 28 Mar 2014 04:22:30 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish

On Thu, Mar 27, 2014 at 08:04:47PM -0400, Bill Cox wrote:
> On Thu, Mar 27, 2014 at 8:00 PM, Solar Designer <solar@...nwall.com> wrote:
> > On Thu, Mar 27, 2014 at 07:38:27PM -0400, Bill Cox wrote:
> >> On Thu, Mar 27, 2014 at 7:35 PM, Bill Cox <waywardgeek@...il.com> wrote:
> >> > On Thu, Mar 27, 2014 at 7:10 PM, Solar Designer <solar@...nwall.com> wrote:
> >> > Great, thanks.  Back on topic, my #1 request for PufferFish would be
> >> > having a 4KiB-ish block size with a user-defined repeat count, after
> >> > which it would be mixed with another 4KiB block.  This could L1-cache
> >> > compute-time harden the algorithm while being effective against GPUs,
> >> > couldn't it?  With a low repeat count, it could hash a lot of external
> >> > DRAM.  I like the simplicity, but busting out of L1 cache seems
> >> > problematic.
> >
> > Sure, but then pufferfish would be similar to escrypt and TwoCats.
> 
> And that would be bad?  :-D

I guess not.

> >> P.S.  My #1 request for Escrypt (sorry, again off topic) would be a
> >> SkinnyCat-like stripped down version of the essence of your favorite
> >> parts of the algorithm.  I got mine done in something like 30 hours,
> >> so there's still time.
> >
> > I intend to work on something like this much later, way after the PHC
> > submission deadline.  I think things like that - additional
> > implementations of portions of the functionality - can be added later,
> > including as far as PHC is concerned.  I've got better uses for the
> > remaining time before the submission deadline.
> >
> > Alexander
> 
> Just in case my opinion matters, I think that's totally a "tweak", and
> not a rewrite at all.  I look forward to seeing it.

I think it's not even a "tweak", because the scheme does not change -
only a subset of it is picked for a certain implementation.

> I had the same thought that doing the two block-size thing would make
> PufferFish like Escrypt and TwoCats.  Not doing it seems like a
> critical limitation.  PufferFish is cool.  I think it would be cooler
> with one more outer loop, though it threatens the simplicity that I
> like about it.

Right.

I had actually considered revising the original bcrypt to introduce that
"outer loop", and I felt that it could be done without it appearing as
an extra loop.  bcrypt already has its 2^cost loop - that one loop could
be revised to move the 4 KiB region across a larger arena and to XOR (or
whatever) it with random 4 KiB regions in the already-written portion of
the arena.

Alexander
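
A toy sketch of the single-loop idea in the message above, added here as an illustration; it is not code from bcrypt, PufferFish, escrypt or the author of the post, and it is not a usable password hash. SHAKE-256 stands in for the Blowfish-based work on each 4 KiB region, and the function name, parameters, seeding step and index derivation are all assumptions.

```python
import hashlib

REGION = 4096  # 4 KiB working region, the size of bcrypt's S-boxes


def toy_arena_hash(password: bytes, salt: bytes, cost: int, arena_regions: int):
    """One 2^cost loop that walks a 4 KiB region across a larger arena.

    Returns (hex_tag, trace); trace lists (region_written, region_read)
    per iteration so the access pattern can be inspected.
    """
    if cost < 0 or arena_regions < 2:
        raise ValueError("need cost >= 0 and at least 2 arena regions")
    arena = bytearray(arena_regions * REGION)

    def region(n):
        return arena[n * REGION:(n + 1) * REGION]

    # Assumed setup step: seed region 0 from salt and password.
    seed = len(salt).to_bytes(4, "big") + salt + password
    arena[0:REGION] = hashlib.shake_256(seed).digest(REGION)

    prev, written, trace = 0, 1, []
    for i in range(1, (1 << cost) + 1):      # the one 2^cost loop
        cur = i % arena_regions              # the region moves across the arena
        src = region(prev)
        # Stand-in for the per-region work (Blowfish in real bcrypt).
        work = hashlib.shake_256(src).digest(REGION)
        # Pick a region from the already-written portion; the index is
        # derived from the data itself (assumption made for this sketch).
        j = int.from_bytes(src[-8:], "little") % written
        mixed = int.from_bytes(work, "big") ^ int.from_bytes(region(j), "big")
        arena[cur * REGION:(cur + 1) * REGION] = mixed.to_bytes(REGION, "big")
        written = min(arena_regions, max(written, cur + 1))
        trace.append((cur, j))
        prev = cur
    return hashlib.sha256(region(prev)).hexdigest(), trace


if __name__ == "__main__":
    tag, trace = toy_arena_hash(b"constructed password", b"constructed salt", 5, 8)
    print(tag)
    print(trace[:8])
```

With `arena_regions` larger than the L1 cache holds, the same loop that supplies the 2^cost work factor also touches the larger memory, without a visibly separate outer loop.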
