| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <28451.1396713198@critter.freebsd.dk> Date: Sat, 05 Apr 2014 15:53:18 +0000 From: "Poul-Henning Kamp" <phk@....freebsd.dk> To: Daniel Franke <dfoxfranke@...il.com> cc: discussions@...sword-hashing.net Subject: Re: Mechanical tests In message <87k3b3okah.fsf@...fjaw.dfranke.us>, Daniel Franke writes: >"Poul-Henning Kamp" <phk@....freebsd.dk> writes: > >> Dieharder looks for bits which do not carry one full bit of entropy, >> whivh is important if you are in the market for random-looking bits. >> >> We are not, we are in the business of making sure that entropy is >> not lost, and we do not care if an algorithm spits out 100 bits >> with full entropy or 1000 bits each with only 1/10th bit of entropy. > >Some of the PHC candidates claim to be key derivation functions. In >those cases we most assuredly do care about this. It would mean that the >effective length of your derived key is only a 1/10 what you thought it >was. No, that depends on the length of the number of bits output, times the amount of entropy in each bit. >POMELO's [...] I'm not defending POMELO in any way, I havn't even looked at it yet. I'm just pointing out that while dieharder is a damn good too for what it is designed for, it is not designed for what we're trying to do here. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@...eBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Powered by blists - more mailing lists