lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+aY-u5kdtbm9rSVj8y6gO8uPghQWSjZ3T3E54a7UgTMitWPCA@mail.gmail.com>
Date: Sat, 5 Apr 2014 13:37:03 +0100
From: Peter Maxwell <peter@...icient.co.uk>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] POMELO fails the dieharder tests

On 5 April 2014 07:15, Daniel Franke <dfoxfranke@...il.com> wrote:

> POMELO is one of a handful of PHC candidates which are not constructed
> around any established cryptographic hash function or cipher. POMELO's
> security claims include collision-resistance. Unfortunately, its output
> fails the dieharder tests.
>
>
While I don't have the time myself to do it this weekend, it might be
better actually looking at the PHS output and what's going on in the
reference implementation because you'd expect at least a wee bit of
non-zero results.  What you've got looks like a bug somewhere.

Also, although it's probably not what's causing your results here, I'm
fairly sure that the dieharder tests aren't great for short inputs.

If you want to demonstrate an algorithm isn't collision resistant, a sample
collision usually persuades people, e.g. x = f(a_1) = f(a_2).  Or at least
provide an argument of how much work would be required to generate a
collision.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ