Message-ID: <20140328002230.GA25353@openwall.com>
Date: Fri, 28 Mar 2014 04:22:30 +0400
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] pufferfish
On Thu, Mar 27, 2014 at 08:04:47PM -0400, Bill Cox wrote:
> On Thu, Mar 27, 2014 at 8:00 PM, Solar Designer <solar@...nwall.com> wrote:
> > On Thu, Mar 27, 2014 at 07:38:27PM -0400, Bill Cox wrote:
> >> On Thu, Mar 27, 2014 at 7:35 PM, Bill Cox <waywardgeek@...il.com> wrote:
> >> > On Thu, Mar 27, 2014 at 7:10 PM, Solar Designer <solar@...nwall.com> wrote:
> >> > Great, thanks. Back on topic, my #1 request for PufferFish would be
> >> > having a 4KiB-ish block size with a user-defined repeat count, after
> >> > which it would be mixed with another 4KiB block. This could L1-cache
> >> > compute-time harden the algorithm while being effective against GPUs,
> >> > couldn't it? With a low repeat count, it could hash a lot of external
> >> > DRAM. I like the simplicity, but busting out of L1 cache seems
> >> > problematic.
> >
> > Sure, but then pufferfish would be similar to escrypt and TwoCats.
>
> And that would be bad? :-D

I guess not.

> >> P.S. My #1 request for Escrypt (sorry, again off topic) would be a
> >> SkinnyCat-like stripped down version of the essence of your favorite
> >> parts of the algorithm. I got mine done in something like 30 hours,
> >> so there's still time.
> >
> > I intend to work on something like this much later, way after the PHC
> > submission deadline. I think things like that - additional
> > implementations of portions of the functionality - can be added later,
> > including as far as PHC is concerned. I've got better uses for the
> > remaining time before the submission deadline.
> >
> > Alexander
>
> Just in case my opinion matters, I think that's totally a "tweak", and
> not a rewrite at all. I look forward to seeing it.

I think it's not even a "tweak", because the scheme does not change -
only a subset of it is picked for a certain implementation.

> I had the same thought that doing the two block-size thing would make
> PufferFish like Escrypt and TwoCats. Not doing it seems like a
> critical limitation. PufferFish is cool. I think it would be cooler
> with one more outer loop, though it threatens the simplicity that I
> like about it.

Right.

I had actually considered revising the original bcrypt to introduce that
"outer loop", and I felt that it could be done without it appearing as
an extra loop. bcrypt already has its 2^cost loop - that one loop could
be revised to move the 4 KiB region across a larger arena and to XOR (or
whatever) it with random 4 KiB regions in the already-written portion of
the arena.

Alexander
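
The single-loop arena walk described in the last paragraph, sketched as an added example (not code from this message, from bcrypt, or from any PHC submission). `arena_walk`, `pick_prior` and `mix32` are hypothetical names, and `mix32` is a placeholder mixer standing in for bcrypt's Blowfish-based S-box update, so the block shows only the memory-access pattern and is not a password hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REGION_WORDS 1024u /* 1024 x 32-bit words = 4 KiB, the size of bcrypt's S-boxes */

/* Placeholder word mixer, NOT Blowfish: stands in for the S-box
 * rekeying done by one iteration of bcrypt's 2^cost loop. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    return x ^ (x >> 16);
}

/* Data-dependent index into the already-written regions [0, i); needs i >= 1. */
static size_t pick_prior(uint32_t state, size_t i)
{
    return (size_t)(state % (uint32_t)i);
}

/* One loop, no separate outer loop: iteration i writes region i from region
 * i-1 combined with a pseudo-random earlier region. The working set per step
 * stays near L1 size while the whole arena can be far larger.
 * Returns 0 and stores a 32-bit tag in *tag, or -1 on bad input or OOM. */
int arena_walk(uint32_t seed, size_t n_regions, uint32_t *tag)
{
    if (!tag || n_regions < 2 || n_regions > 65536) return -1; /* cap: 256 MiB */
    uint32_t *arena = malloc(n_regions * REGION_WORDS * sizeof *arena);
    if (!arena) return -1;
    uint32_t s = seed;
    for (size_t w = 0; w < REGION_WORDS; w++)      /* region 0 comes from the seed */
        arena[w] = s = mix32(s + (uint32_t)w);
    for (size_t i = 1; i < n_regions; i++) {
        const uint32_t *prev = arena + (i - 1) * REGION_WORDS;
        const uint32_t *old  = arena + pick_prior(s, i) * REGION_WORDS;
        uint32_t *cur        = arena + i * REGION_WORDS;
        for (size_t w = 0; w < REGION_WORDS; w++)  /* add first so prev == old cannot cancel */
            cur[w] = s = mix32((s + prev[w]) ^ old[w]);
    }
    *tag = s;
    free(arena);
    return 0;
}

int main(void)
{
    uint32_t tag;
    if (arena_walk(0x50484321u, 256, &tag) != 0) return 1; /* constructed seed, 1 MiB arena */
    printf("tag = %08x\n", (unsigned)tag);
    return 0;
}
```

Because `pick_prior` depends on the running state, the read pattern is data-dependent, as in bcrypt's S-box lookups; that is what makes the access order unpredictable before the state is computed.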