Date: Tue, 02 Sep 2014 09:49:36 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - Schvrch

On 09/02/2014 02:49 AM, Poul-Henning Kamp wrote:
> -------- In message
> <CAG+Gt9ZwKnCamXQEPP2iFSmN1HO6nBC8wqdg8QHQsS_o6BxLkQ@...l.gmail.com>, Rade Vuckovac writes:
> 
> I think Bill missed the point about Schvrch *big* time.
> 
> Cryptography is at its foundation about finding ways to mix up
> bits, to make them unrecognizable without losing their entropy.
> 
> Once you dive into it, the actual palette of tools at our disposal 
> is much smaller than most people realize, and many of those tools 
> are even specific variants of more general tools from the same 
> palette.
> 
> Schvrch adds an entirely new tool to the palette -- no mean feat.
> 
> I have no idea how Bill could overlook this, but my guess is that 
> the compactness of what was proposed and the lack of orthodox 
> encryption primitives deceived him into not paying proper
> attention.
> 
> He should.
> 
> Schvrch was one of the submissions which made PHC worth the effort
> for me.
> 
> Schvrch's mathematical pedigree lists both Von Neumann[1] and 
> Wolfram, both were fascinated and frustrated by the seemingly 
> unlimited complexity arising out of trivially simple rules.
> 
> That of course is no guarantee of cryptographic utility.  Only
> time and analysis will tell if Schvrch's new tool is any good.
> 
> But Bill's dismissal of mathematics which frustrated both Von
> Neumann and Wolfram as "just XORs states together" and concluding
> that "not much effort went into it" is not even wrong.
> 
> Poul-Henning
> 
> [1] The paper inexplicably fails to credit him.

I am not dismissing the mathematics.

I am only carefully reviewing the *code*.  The Schvrch attached paper
(not the actual submission for the PHC) may be wonderful, but I have
not read it.  If the point is to show a new mathematical system for
hashing, then yes, I missed it.  I thought the point was to write a
secure hash function :-)

However, a new mathematical hashing framework is cool.  If the author
would work with guys who understand a bit about password hashing, he
might come up with a great algorithm.  However, he clearly did not,
and Schvrch does nothing to defend against common attacks.  Unlike
other authors on the list (POMELO for example), the Schvrch author did
not seem interested in hearing about how to fix his algorithm from
this list.  That's why I said we should just skip it.

Bill