lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 12 Apr 2014 21:33:46 -0400
From: Bill Cox <>
Subject: Re: The best of the best, IMO

By the way, Blowfish inspired, Catena inspired, and Script inspired, may be
good ways to think about the categories, but they break down functionally,
and not just by what algorithm inspired them.

Bcrypt inspired: These do small random password dependent read/writes
in-cache, preferably at high speed for good GPU defense like Bcrypt.  I put
algorithms in this category that look more like Script, but which may do
random reads from the beginning and have no strategy for busting out of
cache where we need to process large blocks of memory at a time.  This is,
IMO, the largest category in terms of entries, and includes algorithms that
authors didn't seem to specifically intend to be Bcrypt-like.  Doing
cache-bound unpredictable small random read/writes makes them Bcrypt-like,

Catena inspired: This includes worthy algorithms like Gambit, even if it is
not actually Catena inspired.  This category is for entries from authors
who feel strongly that no data-dependent memory reads should ever be done.
 I happen to feel quite the opposite.  When it was just Christian debating
the value of cache-timing-resistance over things like better speed, better
off-line brute-force attack defense, and better GPU defense, I felt it did
not deserve it's own category, or a winning entry.  However, entries from
various authors prove that many brilliant people in this field feel just as
Christian does.  I wouldn't want to stop them from having a winner in this
category, even if I lean towards Bcrypt-like algorithms for in-cache

By Script inspired, I mean algorithms that bust out of cache and do a *lot*
of memory hashing, like Script.  To do that, an algorithm requires a
strategy for mitigating cache-miss penalties.  Some entries look to me like
simplified versions of Script, but those that dropped Script's ability to
efficiently bust out of cache I put in the Bcrypt-like category.  I think
it makes more sense to compare them against algorithms like Pufferfish and
Battcrypt than against large memory capable algorithms like Lyra, Yescript,
EARWORM, and TwoCats.

The "other" category includes several interesting entries.  I like
Parallela, for example, as a PKDF2 upgrade.  Do we need winners for such
categories as improved traditional KDFs?  Maybe.  If the primary goal of
the PHC is improving the state of the art, then I'd say yes.  If we just
want users to not be confused, I'd say no.


Content of type "text/html" skipped

Powered by blists - more mailing lists