lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Apr 2014 14:21:18 +0200
From: Thomas Pornin <pornin@...et.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Catfish and public key hash

On Thu, Apr 03, 2014 at 04:06:13AM -0500, Steve Thomas wrote:
> Anyway this is a non-issue if they just change it from (x is the
> output of Keccak):
> 
> g ** x (mod N)
> to
> x ** e (mod N)

For what it's worth, this is indeed how things are done in Makwa: the
intermediate value is raised to exponent e = 2**w, where w is the "time
cost parameter". If you make sure that N is a Blum integer (N = pq where
p and q are prime and both are equal to 3 modulo 4) then there seems to
be no known shortcut for this computation in the general case (you have
to compute w modular squarings), unless p and q are known.


	--Thomas Pornin

Powered by blists - more mailing lists