lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 02 Sep 2014 12:43:37 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - Schvrch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/02/2014 11:27 AM, Poul-Henning Kamp wrote:
> -------- In message <5405CAF0.1040001@...hershed.org>, Bill Cox
> writes:
> 
>> If the point is to show a new mathematical system for hashing,
>> then yes, I missed it.  I though the point was to write a secure
>> hash function :-)
> 
> It is.
> 
> But you seem to have misunderstood at least two things.
> 
> A) We are in the first "culling" round, we are not picking the 
> final winner yet.
> 
> The point is not to pick the strongest of the N variations over
> Colins prior art, but to cull the field of obviously chance-less
> and duplicative submissions, so that we can focus our attention on
> the remaining narrower field.
> 
> B) A good secure hash function consists of a mathematical basis and
> a packaging of that into usable code.
> 
> Submissions which present themselves as new and stronger
> packaging, (most of them in our case), shall be be judged on that
> aspect.
> 
> But if such a submission is based on the MD-FOO mathematical
> basis, which subsequently is shown to be shit, the submission
> doesn't fall, it can substitute MD-BAR mathematical basis in the
> same packaging framework and continue.

Fair enough.  In that case, judges should know that my reviews are on
based almost solely on the code.  In several cases, I only skimed the
paper.  In the case of Schvrch, I do not intend to even skim the
attached mathematical work until after I'm done with all the reviews.
If there is mathematical merit to Schvrch, then it probably belongs in
the next round.  However, I dispute the author's claim the *code* is
secure, when it clearly is not.  I also dispute his claims that the
weaknesses that have been found in is code so far are all wrong.

Entrants should judge my reviews knowing that it is based on the code
they submitted.  Based on the schvrch code, I feel like we showed it
is has unacceptable flaws months ago, and further discussions and
attacks on this code stopped.

However, I have to admit, today's attacks were a bit fun :-)  I hope
authors don't mind me having some fun with attacks, and try not to
take them personally.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUBfO1AAoJEAcQZQdOpZUZHIsQAJv/3LroSKnqIfayr/tQhgMH
dwmE8DgprhiGfIgFfB62WDEUqOA9hl1s9J6qsnHHDi/T7pCaVfAfFJPyRYtKhGD6
234nXhmzOFFDeQ9sswrOcE8byfTWsFPn+f7nBcEysyG8OV9ForQReAlWiTV2lecC
gC1XouyWE6kI33EciU0hRNQlDpEqoCObtiOmYU+W2SaGTUUz0+BueL3PCWNANSm1
j4XQwOpP1qI6Q+s0OFCBnZIl7Ja4zDc9xyIA0kG5nFHx5zuBcvAy2P1aaCg2cdcH
zBICq7Ib+8jCKVkKVesQJQHVlUVefVYmFx6sRQnGsAn8U2SnP3Pnl5bRzpnQHfNP
vCHQ9X/83B7QFPHtfh090z+QQHUt4ymUl+kbwCRu1R91AhLAPCO63tw4kp54RIiN
5v+BV3TYkFWf8zBfmDHb5HCW2fp60Td5D8gfXXCG0N11EyXh84ac83R0RKA15dKz
7gibMNJhaz5dJhx6yIMMAlaMxb3SiiMUcPddMeMB264gSk2fSO2CAnETvDUYWL+3
IkWl0+NrrhZxmBkF/cb6dODXIvaogSE8m0/Bxc1+7m8k5CZegi+otivRNHR5BPXL
wvOOb4+Pgf3uM7Fbz7QrAfwsjucnODY2VaIhr+DHIeCf4P+ThfwgehEY8gIw12An
at3QoPCEUaE0uABJDs5M
=a6e0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists