Open Source and information security mailing list archives
Date: Tue, 02 Sep 2014 12:43:37 -0400
From: Bill Cox <>
Subject: Re: [PHC] A review per day - Schvrch

On 09/02/2014 11:27 AM, Poul-Henning Kamp wrote:
> In message <>, Bill Cox writes:
>> If the point is to show a new mathematical system for hashing,
>> then yes, I missed it.  I though the point was to write a secure
>> hash function :-)
> It is.
> But you seem to have misunderstood at least two things.
> A) We are in the first "culling" round, we are not picking the 
> final winner yet.
> The point is not to pick the strongest of the N variations over
> Colins prior art, but to cull the field of obviously chance-less
> and duplicative submissions, so that we can focus our attention on
> the remaining narrower field.
> B) A good secure hash function consists of a mathematical basis and
> a packaging of that into usable code.
> Submissions which present themselves as new and stronger
> packaging, (most of them in our case), shall be judged on that
> aspect.
> But if such a submission is based on the MD-FOO mathematical
> basis, which subsequently is shown to be shit, the submission
> doesn't fall, it can substitute MD-BAR mathematical basis in the
> same packaging framework and continue.

Fair enough.  In that case, judges should know that my reviews are
based almost solely on the code.  In several cases, I only skimmed the
paper.  In the case of Schvrch, I do not intend to even skim the
attached mathematical work until after I'm done with all the reviews.
If there is mathematical merit to Schvrch, then it probably belongs in
the next round.  However, I dispute the author's claim that the *code* is
secure, when it clearly is not.  I also dispute his claims that the
weaknesses that have been found in his code so far are all wrong.

Entrants should judge my reviews knowing that they are based on the code
they submitted.  Based on the Schvrch code, I feel like we showed it
has unacceptable flaws months ago, and further discussions and
attacks on this code stopped.

However, I have to admit, today's attacks were a bit fun :-)  I hope
authors don't mind me having some fun with attacks, and try not to
take them personally.
