lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOLP8p6D_+Rh_jM0yy1LZiOaiB5hJ1gtdjmSXLhQdrhGYzTyfg@mail.gmail.com>
Date: Thu, 21 Aug 2014 18:58:05 -0400
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] What Microsoft Would like from the PHC - Passwords14 presentation

On Thu, Aug 21, 2014 at 5:29 PM, Solar Designer <solar@...nwall.com>
wrote:Is Pufferfish v0 really side-channel resistant?  I think it's similar
to

> bcrypt in this respect, and we don't consider bcrypt to be cache-timing
> attack resistant, or do we?
>
> (I don't imply that all other PHC candidates with a "Yes" in that column
> are necessarily side-channel resistant.  I merely noticed this one
> apparent error.  There might be more.)
>
> Thanks again,
>
> Alexander
>

The authors also got yescript wrong in this column, with a "no" for cache
timing resistance.  It obviously has the same cache timing resistance
characteristics as the other hybrid designs, which are labelled with
"maybe" rather than "no".

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ