Open Source and information security mailing list archives
Date: Tue, 02 Sep 2014 09:49:36 -0400
From: Bill Cox <>
Subject: Re: [PHC] A review per day - Schvrch

On 09/02/2014 02:49 AM, Poul-Henning Kamp wrote:
> -------- In message <>, Rade Vuckovac writes:
> I think Bill missed the point about Schvrch *big* time.
> Cryptography is at its foundation about finding ways to mix up
> bits, to make them unrecognizable without losing their entropy.
> Once you dive into it, the actual palette of tools at our disposal 
> is much smaller than most people realize, and many of those tools 
> are even specific variants of more general tools from the same 
> palette.
> Schvrch adds an entirely new tool to the palette -- no mean feat.
> I have no idea how Bill could overlook this, but my guess is that 
> the compactness of what was proposed and the lack of orthodox 
> encryption primitives deceived him into not paying proper
> attention.
> He should.
> Schvrch was one of the submissions which made PHC worth the effort
> for me.
> Schvrch's mathematical pedigree lists both Von Neumann[1] and 
> Wolfram, both were fascinated and frustrated by the seemingly 
> unlimited complexity arising out of trivially simple rules.
> That of course is no guarantee of cryptographic utility.  Only
> time and analysis will tell if Schvrch's new tool is any good.
> But Bill's dismissal of mathematics which frustrated both Von
> Neumann and Wolfram as "just XORs states together" and concluding
> that "not much effort went into it" is not even wrong.
> Poul-Henning
> [1] The paper inexplicably fails to credit him.

I am not dismissing the mathematics.

I am only carefully reviewing the *code*.  The Schvrch attached paper
(not the actual submission for the PHC) may be wonderful, but I have
not read it.  If the point is to show a new mathematical system for
hashing, then yes, I missed it.  I thought the point was to write a
secure hash function :-)

However, a new mathematical hashing framework is cool.  If the author
would work with guys who understand a bit about password hashing, he
might come up with a great algorithm.  However, he clearly did not,
and Schvrch does nothing to defend against common attacks.  Unlike
other authors on the list (POMELO for example), the Schvrch author did
not seem interested in hearing about how to fix his algorithm from
this list.  That's why I said we should just skip it.
