lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Apr 2014 17:23:22 -0400
From: Bill Cox <>
Subject: Re: [PHC] PHC Zoo ?

On Tue, Apr 1, 2014 at 3:30 PM, Thomas Pornin <> wrote:
> On Tue, Apr 01, 2014 at 01:38:05PM -0400, Bill Cox wrote:
>> is it cool to make a hobby out of attacking all the submissions, even
>> if I have an entry?
> It is more than cool; it is highly recommended. The whole point of an
> open cryptographic competition is to accumulate analysis, i.e. to have a
> lot of people trying to break the algorithms. It is normal and expected
> that submitters, in particular, will try real hard to break each other
> algorithms.
>> If so, where is the place to discuss weaknesses of various hashing
>> algorithms?
> I'd say that discussions on password hashing algorithms are appropriate
> on a mailing-list whose address is ''.
> Usually, academics discuss cryptography by gathering regularly, and,
> when they cannot meet physically, exchange written information over
> appropriate mediums. Historically, papyrus and then parchment were used,
> but nowadays emails are preferred. When someone has a full, elegant and
> non-trivial attack to demonstrate, he usually writes it down with the
> traditional formalism (i.e. an 'article') and pushes it through the
> various mechanisms (conferences with proceedings, and/or the IACR ePrint
> archive: ); for smaller, faster remarks, and,
> yes, discussions, this present mailing-list is expected to be used. In
> particular during the first pruning phase, during which the list of
> candidates should be reduced (24 are fine, but maybe a bit too much for
> available cryptanalytic resources).
> At least that's how things worked for SHA-3. I don't remember if there
> was a mailing-list for the AES competition.
>> I notice that poor AntCrypt is suffering from early cryptanalysis
> As far as can I see, it is more a specification/implementation issue,
> but maybe I don't see everything that is to be seen. E.g. I don't follow
> the IRC channel (maybe I should ?).
> For high-quality rational scientific debates, it is usually best if
> people take time to structure their arguments and put them in due order;
> so emails are a better format than chat-like interfaces. That's my
> opinion.
>         --Thomas Pornin

Thanks for that info.  So, we'll discuss here, and the fun continues :-)

I have some comments for AntCrypt, but if we all read it first that
would be pretty miserable for the author.  I'll read them all and post
a laundry-list.  Nothing major, just weaknesses not acknowledged by
the authors.  Some of the authors, like EARWORM, listed everything he
could think of, and I have nothing so far to add, but probably half of
the ones I've read so far didn't list any weaknesses at all, and so I
have a list...


Powered by blists - more mailing lists