lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Sep 2014 16:50:04 -0500
From: Jeffrey Goldberg <>
Subject: Re: [PHC] A review per day - skipping Makwa

On 2014-09-04, at 5:51 AM, Bill Cox <> wrote:

> Sorry, but I'm not qualified to comment on the mathematical strengths
> or weaknesses of Makwa.

For an excellent overview of Makwa, you can look at Thomas Pornin’s
talk at PasswordsCon.

I am even less able to comment on the math, other than the fact that once
I read up on it I found it really cool.That squaring over Quadratic Residues
is a permutation is one of those remarkably counter-intuitive results that
makes me wish I’d studied Algebra. 

I was initially skeptical of delegation, as it seems like adding a great
deal of complexity for a feature of limited use. But the more I think
about the fact that a busy authentication server can delegate allows the
defender to allocate resources in a way that isn’t constrained by so many
of the annoying practical constraints that typically apply solely to the

> It is not a
> memory-hard password hashing scheme, which I consider to be a
> weakness, and also why there's not much for me to review. 

I agree that the lack of memory hardness may well kill the bear (Makwa),
there is enough unique solid stuff in Makwa that I would like to see it
or its ideas continue to be considered. (I’m not on the committee; I’m not
qualified to be on the committee; and perhaps “wow, that is really cool
math” is not the best of reasons to select something.)



Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)

Powered by blists - more mailing lists