| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Sep 2014 12:43:37 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Schvrch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/02/2014 11:27 AM, Poul-Henning Kamp wrote: > -------- In message <5405CAF0.1040001@...hershed.org>, Bill Cox > writes: > >> If the point is to show a new mathematical system for hashing, >> then yes, I missed it. I though the point was to write a secure >> hash function :-) > > It is. > > But you seem to have misunderstood at least two things. > > A) We are in the first "culling" round, we are not picking the > final winner yet. > > The point is not to pick the strongest of the N variations over > Colins prior art, but to cull the field of obviously chance-less > and duplicative submissions, so that we can focus our attention on > the remaining narrower field. > > B) A good secure hash function consists of a mathematical basis and > a packaging of that into usable code. > > Submissions which present themselves as new and stronger > packaging, (most of them in our case), shall be be judged on that > aspect. > > But if such a submission is based on the MD-FOO mathematical > basis, which subsequently is shown to be shit, the submission > doesn't fall, it can substitute MD-BAR mathematical basis in the > same packaging framework and continue. Fair enough. In that case, judges should know that my reviews are on based almost solely on the code. In several cases, I only skimed the paper. In the case of Schvrch, I do not intend to even skim the attached mathematical work until after I'm done with all the reviews. If there is mathematical merit to Schvrch, then it probably belongs in the next round. However, I dispute the author's claim the *code* is secure, when it clearly is not. I also dispute his claims that the weaknesses that have been found in is code so far are all wrong. Entrants should judge my reviews knowing that it is based on the code they submitted. Based on the schvrch code, I feel like we showed it is has unacceptable flaws months ago, and further discussions and attacks on this code stopped. However, I have to admit, today's attacks were a bit fun :-) I hope authors don't mind me having some fun with attacks, and try not to take them personally. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUBfO1AAoJEAcQZQdOpZUZHIsQAJv/3LroSKnqIfayr/tQhgMH dwmE8DgprhiGfIgFfB62WDEUqOA9hl1s9J6qsnHHDi/T7pCaVfAfFJPyRYtKhGD6 234nXhmzOFFDeQ9sswrOcE8byfTWsFPn+f7nBcEysyG8OV9ForQReAlWiTV2lecC gC1XouyWE6kI33EciU0hRNQlDpEqoCObtiOmYU+W2SaGTUUz0+BueL3PCWNANSm1 j4XQwOpP1qI6Q+s0OFCBnZIl7Ja4zDc9xyIA0kG5nFHx5zuBcvAy2P1aaCg2cdcH zBICq7Ib+8jCKVkKVesQJQHVlUVefVYmFx6sRQnGsAn8U2SnP3Pnl5bRzpnQHfNP vCHQ9X/83B7QFPHtfh090z+QQHUt4ymUl+kbwCRu1R91AhLAPCO63tw4kp54RIiN 5v+BV3TYkFWf8zBfmDHb5HCW2fp60Td5D8gfXXCG0N11EyXh84ac83R0RKA15dKz 7gibMNJhaz5dJhx6yIMMAlaMxb3SiiMUcPddMeMB264gSk2fSO2CAnETvDUYWL+3 IkWl0+NrrhZxmBkF/cb6dODXIvaogSE8m0/Bxc1+7m8k5CZegi+otivRNHR5BPXL wvOOb4+Pgf3uM7Fbz7QrAfwsjucnODY2VaIhr+DHIeCf4P+ThfwgehEY8gIw12An at3QoPCEUaE0uABJDs5M =a6e0 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists