lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 05 Apr 2014 02:15:56 -0400
From: Daniel Franke <dfoxfranke@...il.com>
To: discussions@...sword-hashing.net
Subject: POMELO fails the dieharder tests

POMELO is one of a handful of PHC candidates which are not constructed
around any established cryptographic hash function or cipher. POMELO's
security claims include collision-resistance. Unfortunately, its output
fails the dieharder tests.

I added the following function to POMELO's reference implementation:

int main() {
  uint64_t i = 0;
  do {
    char out[128];
    static char salt[16];
    PHS(out, sizeof out, &i, sizeof i, salt, sizeof salt, 0, 0);
    fwrite(out, 128, 1, stdout);
  } while(++i);

  return 0;
}

I added the headers <stdio.h> and <stdint.h> to support this function,
and also <string.h> to get clean compilation, since the reference
implementation uses memcpy() but doesn't include its prototype.

I then ran the following:

dfranke@...fjaw:~$ uname -a
Linux wolfjaw 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
dfranke@...fjaw:~$ gcc --version
gcc (Debian 4.7.2-5) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

dfranke@...fjaw:~$ gcc -g -O3 -march=native pomelo.c 
dfranke@...fjaw:~$ ./a.out | dieharder -g 200 -a | tee diehard.out

I wandered away for a few minutes and came back to the following output:

#=============================================================================#
#            dieharder version 3.31.1 Copyright 2003 Robert G. Brown          #
#=============================================================================#
   rng_name    |rands/second|   Seed   |
stdin_input_raw|  1.33e+06  |3893399644|
#=============================================================================#
        test_name   |ntup| tsamples |psamples|  p-value |Assessment
#=============================================================================#
   diehard_birthdays|   0|       100|     100|0.00000000|  FAILED  
      diehard_operm5|   0|   1000000|     100|0.00000000|  FAILED  
  diehard_rank_32x32|   0|     40000|     100|0.00000000|  FAILED  
    diehard_rank_6x8|   0|    100000|     100|0.00000000|  FAILED  
   diehard_bitstream|   0|   2097152|     100|0.00000000|  FAILED  
        diehard_opso|   0|   2097152|     100|0.00000000|  FAILED  
        diehard_oqso|   0|   2097152|     100|0.00000000|  FAILED  
         diehard_dna|   0|   2097152|     100|0.00000000|  FAILED  
diehard_count_1s_str|   0|    256000|     100|0.00000000|  FAILED  
diehard_count_1s_byt|   0|    256000|     100|0.00000000|  FAILED  
 diehard_parking_lot|   0|     12000|     100|0.00000000|  FAILED  
    diehard_2dsphere|   2|      8000|     100|0.00000000|  FAILED  
    diehard_3dsphere|   3|      4000|     100|0.00000000|  FAILED  
     diehard_squeeze|   0|    100000|     100|0.00000000|  FAILED  
        diehard_sums|   0|       100|     100|0.00000000|  FAILED  
        diehard_runs|   0|    100000|     100|0.00000000|  FAILED  
        diehard_runs|   0|    100000|     100|0.00000000|  FAILED  
       diehard_craps|   0|    200000|     100|0.00000000|  FAILED  
       diehard_craps|   0|    200000|     100|0.00000000|  FAILED  

At this point I killed the tests since I figured the rest would be
uninteresting.

Powered by blists - more mailing lists