lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 02 Sep 2014 10:55:44 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - Schvrch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 09/02/2014 09:27 AM, Krisztián Pintér wrote:
> On Tue, Sep 2, 2014 at 3:20 PM, Bill Cox
> <waywardgeek@...hershed.org> wrote:
>> I am doing a *lot* of attacking PHC candidates right now, I
>> personally would appreciate input checking, so I don't waste time
>> showing that an entry is weak against invalid inputs.
> 
> that is why i have asserts. they mainly serve documentation
> purposes. however, it was not a requirement to provide self
> documenting implementation. the submitted documentation should
> serve as a reference. of course, self documenting code is nice to
> have.
> 

I saw that in your code and I appreciate it.  My Gambit review will be
easy because I considered my potential attacks last spring when I
reviewed your code and tested my pebbler against it.  I can do a up to
almost an 8-to-1 TMTO against it, IIRC, but then there seems to be a
solid wall against my pebbler.  You and I have different views about
the importance of an efficient hash function, but plug in Lyra2's
sponge into Gambit and my concerns over cache-bound efficiency mostly
go away.  I'll just re-list my notes from back then.  Gambit was one
of the easier entries for me to work with.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUBdptAAoJEAcQZQdOpZUZr0oP/1P/6kCh8VdBy9zP+LBTTEY6
CLhKCHB8H6NXqa40enzWUMAcloYcHotORlFzobnRI8GevKLp0wnqKcxBFqaY5KvN
HpWlVRapCSTtBeQf9qgkobUcm3M6/kDRGbLh2bPtRB5QU/sByZ1QKyXHeWQv6zYK
6szUxRr74bTs4a/l1NKSkiFalgbSDIk/OmUUsVLlmpS6lF1Cig0ydswzbIl293R/
D36XpqUvSPpTAJeVqv+U9zXMicSWjL16TsQGBSb02sy4Ikgoojg19j9uyEoSSEtI
HGqnUGDTZnqhs42mStCGcfNRUn3YNZ2ESB9IFOsZumVgHKhisjz1ajYIeQ1zJZCe
naSlfcT7MLilHksfjCcegjxCmG+taaVg121isbzSrmGQmTuX3ItZGzkybWLnQKsj
ojLRJ5T/uwDH93WgFitjmtG3BirabThM9XLVCm88+6y9pSWqd0JdBLqs7cG5+N9N
51jtASKEpwY+9HO/Lp0CMWlnlPKhabKYh65DDQLMgM7m97Y3zILrlD2WjasGGwkt
QaUOvuClUW+mwJLlurfpn2e6q8TEJkNsP+xW7N8pj7IPkCdsypLYacKopU/gCCgb
hNbLNrfuRpJnTtLXSDv//vU1+1CVlahEZ2XSmTSMv89jousiwznPJdETzvaVzPs/
Vc6mjuHXUR2JcoQ1nk52
=JZ2E
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists