lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53F9CA73.7070705@ciphershed.org>
Date: Sun, 24 Aug 2014 07:20:19 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Tradeoff cryptanalysis of password hashing schemes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/23/2014 03:16 PM, Solar Designer wrote:
> They shouldn't have had that safety margin, or the scheme would
> have been suboptimal security-wise in another way!  For example, I
> actually criticized Lyra and Lyra2 papers for recommending T higher
> than 1, which I feel would make these use less memory than they
> optimally would.

This is a good point.  I only test Lyra2 with T of 1 because higher
values seem less secure to me.

It is probably better to ask authors to provide recommended parameters
for specific situations, such as authentication server settings, or
volume encryption settings, given specs of the machines and runtime goals.

I want to start benchmarking the candidates for volume encryption use.
 In this case, I could provide specific machine specs and a 1 second
runtime target.  That makes it a lot easier for authors to choose
parameters.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT+cpvAAoJEAcQZQdOpZUZY6YP/3IR+vf+oSaH8z0XBh6sPFTh
ayleFtZQ7/5knKXFCqHBJskxIp0/v2XVq7O9EQhq/Z3xKKpOcsVqxOMK9dc9udRv
xJHqQBXcEJrLgi1hJssrRdGTjtm29fGdgVBguBt3otT2J80dFwg9dwcfBbeq3/Jq
l7Bh6gAN5/KmfVuw0iucPojqeNiRp2vacB9rGjqsFHhryyP3Fkcwc7UeCLcLSEYq
K3mHdBadwRaamOq82gS66Csk55nj0pYmx1Syf5i8u7hNyO9pxCqpeDfaZ3gFjngj
q3vDDkszZ9S+tU2AIda9MgZD8qePw2B52hXYeZrKkjz+Ym789vvFAaYGadWR72ry
k50Q1xxuzOTOatCMdkVLj9BpPJkEsZS4zAseUftv7okcCW4a/MLKURw0VSWEyD27
4TMIgt3NNgVYwSqlya3YjcdR7BAdOCAGSgzml3Mec9EejRoMdRVECnFKorWAF/r3
KNzNhXQtwnuhzv95kuVLwTWZxVVEk91qsfYyU4Hn3E/oJ4s8wdm5lwn9VxMnYRYX
0FO4BqV7LWnTE0YOjcjgqsikCVOY0k8uQ9S59782KQ9PAN3bjwwBM5LA4ZVLArqn
wHrlc41VLJIq2aj83yJRCXXY5GYigys4bUwapVziC03ajqwTWqHMZ4qhxHT/shbA
YWT5BmyF30hJQBszvN3U
=GFSg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ