Date: Fri, 29 Aug 2014 18:01:07 -0400
From: Bill Cox <>
Subject: A review per day - RIG

As far as I can tell, RIG is a quick rewrite of Catena, using Lyra2's
hash function, and Gambit's XOR-ing over data.  The combination is
original, but that's all.  If the paper said, "We have combined these
three good ideas and think the result is superior", then I would be OK
with it.  For example, someone needs to plug Lyra2's ultra-fast sponge
into Gambit.  Mixing ideas is fine.  I just think it's weird pasting
three ideas from the forum together without crediting the sources
properly.  It almost seems like they attempted to obfuscate their
sources.  The paper and code are all original (mostly), so there's no
plagiarism here.  You can't copyright an idea.  However, it's
offensive to use others' ideas and pretend they are your own.  All
that is needed to fix RIG, IMO, is some proper credit to where they
got their ideas, and a rewrite of their paper to be less dick-ish.

For example, here's a statement in the RIG paper:

"Therefore, it is recommended in [6] to have password-independent
memory access patterns for a password hashing scheme. We have
attempted to follow this requirement using bit reversal permutation."

Why not credit Catena for the bit reversal pattern while they were at
it?  Did they actually rip off Lyra2's hash function and not give them
credit?  Multiple entries use the XOR-ing thing, so I have less
trouble with that, but it follows a pattern...

RIG's single-round Blake2b hash function happens to be identical to
what Lyra2 uses.  They either both copied the exact same text from the
exact same source, or RIG's hash function was actually copied from Lyra2.

The XOR-ing over memory is an idea from Gambit that we talked about
quite a bit.  Now that I've found that writing to a memory location
just read from is quite fast compared to writing to a different
location, I am a fan.

Anyway, I feel RIG = Catena + Lyra2's hash + Gambit's XOR.  This is
likely a good combination, but I have to feel for the Catena, Lyra2,
and Gambit authors when their work is not credited properly.  I
haven't done much analysis of the RIG code because it bothers me to
read it... for example the memory swapping algorithm that the Catena
guys invented fairly recently is there...

Anyway, RIG is the last entry I'm posting about today!
