lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Aug 2014 18:58:05 -0400
From: Bill Cox <>
To: "" <>
Subject: Re: [PHC] What Microsoft Would like from the PHC - Passwords14 presentation

On Thu, Aug 21, 2014 at 5:29 PM, Solar Designer <>
wrote:Is Pufferfish v0 really side-channel resistant?  I think it's similar

> bcrypt in this respect, and we don't consider bcrypt to be cache-timing
> attack resistant, or do we?
> (I don't imply that all other PHC candidates with a "Yes" in that column
> are necessarily side-channel resistant.  I merely noticed this one
> apparent error.  There might be more.)
> Thanks again,
> Alexander

The authors also got yescript wrong in this column, with a "no" for cache
timing resistance.  It obviously has the same cache timing resistance
characteristics as the other hybrid designs, which are labelled with
"maybe" rather than "no".


Content of type "text/html" skipped

Powered by blists - more mailing lists