lists.openwall.net - Open Source and information security mailing list archives
Date: Fri, 28 Mar 2014 04:22:30 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish

On Thu, Mar 27, 2014 at 08:04:47PM -0400, Bill Cox wrote:
> On Thu, Mar 27, 2014 at 8:00 PM, Solar Designer <solar@...nwall.com> wrote:
> > On Thu, Mar 27, 2014 at 07:38:27PM -0400, Bill Cox wrote:
> >> On Thu, Mar 27, 2014 at 7:35 PM, Bill Cox <waywardgeek@...il.com> wrote:
> >> > On Thu, Mar 27, 2014 at 7:10 PM, Solar Designer <solar@...nwall.com> wrote:
> >> > Great, thanks. Back on topic, my #1 request for PufferFish would be
> >> > having a 4KiB-ish block size with a user-defined repeat count, after
> >> > which it would be mixed with another 4KiB block. This could L1-cache
> >> > compute-time harden the algorithm while being effective against GPUs,
> >> > couldn't it? With a low repeat count, it could hash a lot of external
> >> > DRAM. I like the simplicity, but busting out of L1 cache seems
> >> > problematic.
> >
> > Sure, but then pufferfish would be similar to escrypt and TwoCats.
>
> And that would be bad? :-D I guess not.
>
> >> P.S. My #1 request for Escrypt (sorry, again off topic) would be a
> >> SkinnyCat-like stripped down version of the essence of your favorite
> >> parts of the algorithm. I got mine done in something like 30 hours,
> >> so there's still time.
> >
> > I intend to work on something like this much later, way after the PHC
> > submission deadline. I think things like that - additional
> > implementations of portions of the functionality - can be added later,
> > including as far as PHC is concerned. I've got better uses for the
> > remaining time before the submission deadline.
> >
> > Alexander
>
> Just in case my opinion matters, I think that's totally a "tweak", and
> not a rewrite at all. I look forward to seeing it.

I think it's not even a "tweak", because the scheme does not change - only
a subset of it is picked for a certain implementation.

> I had the same thought that doing the two block-size thing would make
> PufferFish like Escrypt and TwoCats. Not doing it seems like a
> critical limitation. PufferFish is cool. I think it would be cooler
> with one more outer loop, though it threatens the simplicity that I
> like about it.

Right. I had actually considered revising the original bcrypt to introduce
that "outer loop", and I felt that it could be done without it appearing as
an extra loop. bcrypt already has its 2^cost loop - that one loop could be
revised to move the 4 KiB region across a larger arena and to XOR (or
whatever) it with random 4 KiB regions in the already-written portion of
the arena.

Alexander
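As an added illustration (editor's toy in C, not bcrypt, pufferfish or escrypt code) of the revised 2^cost loop sketched in the message above: each iteration mixes a 4 KiB region, XORs it with an already-written arena slot picked from the region's own contents, and stores it in the next slot. mix_block is a placeholder ARX pass with no security claims; the slot selection rule, the initial fill and the digest are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

#define BLOCK_WORDS 1024   /* 4 KiB region, the size of bcrypt's four S-boxes */
typedef struct { uint32_t w[BLOCK_WORDS]; } block_t;

/* Placeholder for bcrypt's per-iteration state update: a cheap ARX pass over
 * the block keyed by two words. Illustrative only, not Blowfish/bcrypt. */
static void mix_block(block_t *b, uint32_t k0, uint32_t k1) {
    uint32_t x = k0, y = k1;
    for (size_t i = 0; i < BLOCK_WORDS; i++) {
        x += b->w[i] ^ y;
        x = (x << 13) | (x >> 19);
        y ^= x + (uint32_t)i;
        y = (y << 7) | (y >> 25);
        b->w[i] = x ^ y;
    }
}

/* The 2^cost loop with the "outer loop" folded in: mix the region, XOR in a
 * slot from the already-written part of the arena chosen by the region's own
 * last word (data-dependent), then move the region on to slot i. Arena holds
 * (1u << cost) blocks. Returns a toy 32-bit digest of the final region. */
static uint32_t arena_hash(block_t *arena, unsigned cost, uint32_t pw, uint32_t salt) {
    size_t n = (size_t)1 << cost;
    block_t cur;
    for (size_t i = 0; i < BLOCK_WORDS; i++) cur.w[i] = (uint32_t)i * 0x9E3779B9u ^ salt;
    for (size_t i = 0; i < n; i++) {
        mix_block(&cur, pw, salt ^ (uint32_t)i);
        if (i > 0) {
            size_t j = cur.w[BLOCK_WORDS - 1] % i;   /* "random" slot in [0, i) */
            for (size_t k = 0; k < BLOCK_WORDS; k++) cur.w[k] ^= arena[j].w[k];
        }
        arena[i] = cur;   /* the region has moved across the arena to slot i */
    }
    uint32_t d = 2166136261u;   /* FNV-1a style fold, only for a compact result */
    for (size_t i = 0; i < BLOCK_WORDS; i++) d = (d ^ cur.w[i]) * 16777619u;
    return d;
}

/* Convenience wrapper: allocates the 4 KiB * 2^cost arena, hashes, frees. */
uint32_t arena_hash_alloc(unsigned cost, uint32_t pw, uint32_t salt) {
    block_t *arena = malloc(((size_t)1 << cost) * sizeof *arena);
    if (!arena) return 0;
    uint32_t d = arena_hash(arena, cost, pw, salt);
    free(arena);
    return d;
}
```

With cost 4 the arena is 16 slots (64 KiB), already well outside L1; raising cost both doubles the work and doubles the memory the read-back can hit, which is the property the thread is after.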