| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ob0gnvxf.fsf@wolfjaw.dfranke.us>
Date: Sat, 05 Apr 2014 02:15:56 -0400
From: Daniel Franke <dfoxfranke@...il.com>
To: discussions@...sword-hashing.net
Subject: POMELO fails the dieharder tests
POMELO is one of a handful of PHC candidates which are not constructed
around any established cryptographic hash function or cipher. POMELO's
security claims include collision-resistance. Unfortunately, its output
fails the dieharder tests.
I added the following function to POMELO's reference implementation:
int main() {
uint64_t i = 0;
do {
char out[128];
static char salt[16];
PHS(out, sizeof out, &i, sizeof i, salt, sizeof salt, 0, 0);
fwrite(out, 128, 1, stdout);
} while(++i);
return 0;
}
I added the headers <stdio.h> and <stdint.h> to support this function,
and also <string.h> to get clean compilation, since the reference
implementation uses memcpy() but doesn't include its prototype.
I then ran the following:
dfranke@...fjaw:~$ uname -a
Linux wolfjaw 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
dfranke@...fjaw:~$ gcc --version
gcc (Debian 4.7.2-5) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dfranke@...fjaw:~$ gcc -g -O3 -march=native pomelo.c
dfranke@...fjaw:~$ ./a.out | dieharder -g 200 -a | tee diehard.out
I wandered away for a few minutes and came back to the following output:
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name |rands/second| Seed |
stdin_input_raw| 1.33e+06 |3893399644|
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.00000000| FAILED
diehard_operm5| 0| 1000000| 100|0.00000000| FAILED
diehard_rank_32x32| 0| 40000| 100|0.00000000| FAILED
diehard_rank_6x8| 0| 100000| 100|0.00000000| FAILED
diehard_bitstream| 0| 2097152| 100|0.00000000| FAILED
diehard_opso| 0| 2097152| 100|0.00000000| FAILED
diehard_oqso| 0| 2097152| 100|0.00000000| FAILED
diehard_dna| 0| 2097152| 100|0.00000000| FAILED
diehard_count_1s_str| 0| 256000| 100|0.00000000| FAILED
diehard_count_1s_byt| 0| 256000| 100|0.00000000| FAILED
diehard_parking_lot| 0| 12000| 100|0.00000000| FAILED
diehard_2dsphere| 2| 8000| 100|0.00000000| FAILED
diehard_3dsphere| 3| 4000| 100|0.00000000| FAILED
diehard_squeeze| 0| 100000| 100|0.00000000| FAILED
diehard_sums| 0| 100| 100|0.00000000| FAILED
diehard_runs| 0| 100000| 100|0.00000000| FAILED
diehard_runs| 0| 100000| 100|0.00000000| FAILED
diehard_craps| 0| 200000| 100|0.00000000| FAILED
diehard_craps| 0| 200000| 100|0.00000000| FAILED
At this point I killed the tests since I figured the rest would be
uninteresting.
Powered by blists - more mailing lists