| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Sep 2014 10:55:44 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Schvrch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/02/2014 09:27 AM, Krisztián Pintér wrote: > On Tue, Sep 2, 2014 at 3:20 PM, Bill Cox > <waywardgeek@...hershed.org> wrote: >> I am doing a *lot* of attacking PHC candidates right now, I >> personally would appreciate input checking, so I don't waste time >> showing that an entry is weak against invalid inputs. > > that is why i have asserts. they mainly serve documentation > purposes. however, it was not a requirement to provide self > documenting implementation. the submitted documentation should > serve as a reference. of course, self documenting code is nice to > have. > I saw that in your code and I appreciate it. My Gambit review will be easy because I considered my potential attacks last spring when I reviewed your code and tested my pebbler against it. I can do a up to almost an 8-to-1 TMTO against it, IIRC, but then there seems to be a solid wall against my pebbler. You and I have different views about the importance of an efficient hash function, but plug in Lyra2's sponge into Gambit and my concerns over cache-bound efficiency mostly go away. I'll just re-list my notes from back then. Gambit was one of the easier entries for me to work with. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUBdptAAoJEAcQZQdOpZUZr0oP/1P/6kCh8VdBy9zP+LBTTEY6 CLhKCHB8H6NXqa40enzWUMAcloYcHotORlFzobnRI8GevKLp0wnqKcxBFqaY5KvN HpWlVRapCSTtBeQf9qgkobUcm3M6/kDRGbLh2bPtRB5QU/sByZ1QKyXHeWQv6zYK 6szUxRr74bTs4a/l1NKSkiFalgbSDIk/OmUUsVLlmpS6lF1Cig0ydswzbIl293R/ D36XpqUvSPpTAJeVqv+U9zXMicSWjL16TsQGBSb02sy4Ikgoojg19j9uyEoSSEtI HGqnUGDTZnqhs42mStCGcfNRUn3YNZ2ESB9IFOsZumVgHKhisjz1ajYIeQ1zJZCe naSlfcT7MLilHksfjCcegjxCmG+taaVg121isbzSrmGQmTuX3ItZGzkybWLnQKsj ojLRJ5T/uwDH93WgFitjmtG3BirabThM9XLVCm88+6y9pSWqd0JdBLqs7cG5+N9N 51jtASKEpwY+9HO/Lp0CMWlnlPKhabKYh65DDQLMgM7m97Y3zILrlD2WjasGGwkt QaUOvuClUW+mwJLlurfpn2e6q8TEJkNsP+xW7N8pj7IPkCdsypLYacKopU/gCCgb hNbLNrfuRpJnTtLXSDv//vU1+1CVlahEZ2XSmTSMv89jousiwznPJdETzvaVzPs/ Vc6mjuHXUR2JcoQ1nk52 =JZ2E -----END PGP SIGNATURE-----
Powered by blists - more mailing lists