lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 02 Sep 2014 15:27:16 +0000
From: "Poul-Henning Kamp" <phk@....freebsd.dk>
To: discussions@...sword-hashing.net, Bill Cox <waywardgeek@...hershed.org>
Subject: Re: [PHC] A review per day - Schvrch

--------
In message <5405CAF0.1040001@...hershed.org>, Bill Cox writes:

>If the point is to show a new mathematical system for
>hashing, then yes, I missed it.  I though the point was to write a
>secure hash function :-)

It is.

But you seem to have misunderstood at least two things.

A) We are in the first "culling" round, we are not picking the
   final winner yet.

The point is not to pick the strongest of the N variations
over Colins prior art, but to cull the field of obviously
chance-less and duplicative submissions, so that we can focus
our attention on the remaining narrower field.

B) A good secure hash function consists of a mathematical basis
   and a packaging of that into usable code.

Submissions which present themselves as new and stronger packaging,
(most of them in our case), shall be be judged on that aspect.

But if such a submission is based on the MD-FOO mathematical basis,
which subsequently is shown to be shit, the submission doesn't fall,
it can substitute MD-BAR mathematical basis in the same packaging
framework and continue.

Likewise, Schvrch and a few other submissions offer themselves to
the competition as new mathematical foundations for hashing, and
they shall be judged as such, not on the minimal packaging offered
for demo-purposes.

Your dismissal of Schvrch was *entirely* based on the packaging,
and you totally ignored the proffered substance of the submission

The author is fully justified in being pissed off IMO.
 
That said:  I fully agree with you that the packing of Schvrch is
shit.  If it makes it to the next round, that's going to need a lot
of work, because when we get to the finals, we'll judge everybody
on both math and packaging.

However, if the mathematical basis Schvrch offers holds up in
analysis, it would not be inconceiveable that the eventual winner
could be the packaging from some other submission, with Schvrch
supplying the mathematical basis.

Poul-Henning

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@...eBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Powered by blists - more mailing lists