lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 15 Apr 2014 15:51:14 +0000 (UTC)
From: Teath Sch <teathsch@...lcity.com>
To: discussions@...sword-hashing.net
Subject: State of Tortuga

First of all please don't bother with pseudo code until I get v1 out.

At these early stages, I know that I'll get away with murder when it comes to 
"tweaks" due to the pragmatic nature of this competition.

Having said that, and in the interest of fairness to the well-prepared 
entrants, I'm trying to be as conservative as possible with changes.

Here are what I propose be added to the wiki under "Strengths"...

* resistance to timing attacks
* variable input/output lengths
* no dependence on other primitives
* simple description (although this might not be obvious from the current 
reference code)

v0 Weaknesses..
* fails basic randomness tests
* key scheduling is ad-hoc
* effect of m_cost parameter is coarse
* lacks a rigorous security argument

v1 will address all of these weaknesses

Teath Sch

Powered by blists - more mailing lists