lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5400D7EE.9040207@ciphershed.org>
Date: Fri, 29 Aug 2014 15:43:42 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: A review per day - Tortuga

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's a message from the author on April 15th:

http://comments.gmane.org/gmane.comp.security.phc/1583

He lists these weaknesses:

   v0 Weaknesses..
   * fails basic randomness tests
   * key scheduling is ad-hoc
   * effect of m_cost parameter is coarse
   * lacks a rigorous security argument

   v1 will address all of these weaknesses

SFAIK, we have not seen version v1, and v0 is still not in an
acceptable state.  I don't think there's anything else to say about
Tortuga unless there is a v1 version.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUANfqAAoJEAcQZQdOpZUZZIQQAJSYnoHmiR6ANb1V+zUUEW3X
FYjgRGmhevhwHiPw5jQP39oeJd4n3P5TS3mT4qrGt9/aa/Iows/fl1OvDJgtwhak
r3al9vL9hpMpjmgnX+WNlXAqP9WpcGPBR3lIs+rTEd3pF1ovAqyQyAzMfey6/WwL
cSShArQsRrNb6LzUB6nHxH89qLFrqd/s8FAW+0uHqXu8zo2GFMNZ6ppCB0I/3WF3
j8/ojxFpi2jSkX4v2jFVyglZwLYaTbAWxud7uFNB/eUVjCuDjpUUr4bevHtasKam
BRY9XfkTrWe4iMaZnRuZRPICrIYMGtHKP0e9fuQY2syq00Ly0EF5ehre2e25rqnB
Hd9/NHCcVAcaOlyDvZHimKQ0cYFBN0nN2Q31mskICtJhCwCkDJkVI2VmzwalmqVK
PZMCRKrpAMweMjSUWhUhxf1JLXjZW6OTiZe1RHQmYZA1fGIgDeLbd9CGMX9ZiyQ8
DYCHByDeA7bw3PI9tJ09c4qSUkVVUoEbv5stqbESTrOvrwqdXT3N2mPiHxtLJEOi
KZ4glnG8rDjpeoWkzE9PLmMN+/PCW4t6BihLP4GurjIKwEeYjDZ6/KcRua73cV+f
zbX45oB/gwXr7xfrXrfZurFUKfHsmIztHe1hnT5WSbLstDKfDboe9CJInb28aDIl
LH7psRbjzN/M26F6iNIL
=ORqX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ