| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGiyFdfQoBB1zzPDpd4LQoAybnvMuj5njBZLExm+QpEVDEExGA@mail.gmail.com> Date: Sat, 5 Apr 2014 16:37:53 +0200 From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] POMELO fails the dieharder tests I've received an update of the POMELO code, will be up soon. On Sat, Apr 5, 2014 at 2:37 PM, Peter Maxwell <peter@...icient.co.uk> wrote: > > > > On 5 April 2014 07:15, Daniel Franke <dfoxfranke@...il.com> wrote: >> >> POMELO is one of a handful of PHC candidates which are not constructed >> around any established cryptographic hash function or cipher. POMELO's >> security claims include collision-resistance. Unfortunately, its output >> fails the dieharder tests. >> > > While I don't have the time myself to do it this weekend, it might be better > actually looking at the PHS output and what's going on in the reference > implementation because you'd expect at least a wee bit of non-zero results. > What you've got looks like a bug somewhere. > > Also, although it's probably not what's causing your results here, I'm > fairly sure that the dieharder tests aren't great for short inputs. > > If you want to demonstrate an algorithm isn't collision resistant, a sample > collision usually persuades people, e.g. x = f(a_1) = f(a_2). Or at least > provide an argument of how much work would be required to generate a > collision. > > >
Powered by blists - more mailing lists