lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 05 Apr 2014 11:41:58 -0400
From: Daniel Franke <dfoxfranke@...il.com>
To: "Poul-Henning Kamp" <phk@....freebsd.dk>
Cc: discussions@...sword-hashing.net
Subject: Re: Mechanical tests

"Poul-Henning Kamp" <phk@....freebsd.dk> writes:

> Dieharder looks for bits which do not carry one full bit of entropy,
> whivh is important if you are in the market for random-looking bits.
>
> We are not, we are in the business of making sure that entropy is
> not lost, and we do not care if an algorithm spits out 100 bits
> with full entropy or 1000 bits each with only 1/10th bit of entropy.

Some of the PHC candidates claim to be key derivation functions. In
those cases we most assuredly do care about this. It would mean that the
effective length of your derived key is only a 1/10 what you thought it
was.

POMELO's submission document doesn't use the words "key derivation
function", but it does claim collision resistance. But if you can find a
sequence of inputs which causes the outputs to fails the
diehard_birthdays test, then obviously you've reduced its collision
resistance to at least something less than 2**(outlen/2) (for outlen
expressed in bits). In this case, inputs of 0, 1, 2, 3... did the job.

Powered by blists - more mailing lists