lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 27 Aug 2014 18:34:19 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Worst of PHC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2014 05:53 PM, Krisztián Pintér wrote:
> 
> Tony Arcieri (at Tuesday, August 26, 2014, 11:39:07 PM):
> 
>> but I am completely at a loss to pick clear losers.
> 
> 
> if you want to cop out, you can choose ones with non-general,
> niche uses, and suggest moving them to a special section.

Interesting... I separated the entries into "solid" and "weak", based
on whether I feel they advance the state of the art in a significant
way.  Both Catena and Gambit make the cut, but most don't, IMO.
Script and Bcrypt set the bar pretty high, IMO.

While clearly Catena and Gambit advance the state of the art (RIG does
not - it's mostly a rip-off of Catena without even giving Catena
credit), I might say that an algorithm that runs much slower than
Script, only single-threaded, more or less cache bound, with low
resistance to ASIC (and likely GPU) brute-force attacks, but with a
unique quality (cache-timing attack resistance) not seen in other
algorithms, is a niche algorithm.  I think you might want to re-think
advising the PHC judges to put niche algorithms on their stinkers list :-)

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT/lznAAoJEAcQZQdOpZUZlOQP/383wOvHH15FYZYNHA1j0U0Q
rUh19s2NDSHKE7vI9yUzhvsckw3HoaC7jCXjWV6cYeR5Ot8X1jbAQXZD260WEN9N
C7YibPaIkKDCT3V6BZKyxbdCed4cIO4Z/y6pr0uoUhwlzPAp0tX6IxWNx+eF9w7e
E9xfQK5ka2N8PC8YHnyp3q1dPk/J3u1CQjcsPnPKPTAj9kVyyGC8usKgQbgmendd
ccxdYIiEb1xUwOjigNveHbj7RddhJBjKNLvJJ+CA6Zs881j+LVhlJMpS+3FtW2bE
vefnMou/za66jRvsd/n0wJz9xP5l7smE3a1tpVRTKMyfHvIy2SfgtUB5JU7r1FMx
AtPt7ApS2q6LCLPpsz/iOBFCZmcXRu+upK2bMT8OCPNdCVCrOhUNILjYazqCidOu
7XwoPrV5y/kSDD6942C8vpnvj5FuGfLK8We/mSBvjcGQw89906dFEEq6jJ+H0tP7
/0TLqmFzMQ7+jZvSw34U4Sv3cfK4ncCENSI8+jYm0B6LOKe6QEVBZnR1PNpQ8Z7p
g6EYG7QMCbhEJTVzCGPjjNkKke3R2eMSTIKFDkJvbKngC3TlBMUAAFwAXOUWhEj0
fdTbAiYOzP8IFgyYvbObUQLA92YoVgjG9BstHVH29LXIQ7RLG6945OyC4fqD9vF6
DbU4lfo3L/q7bfR1fxid
=2vty
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists