[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <BB2A0C52-0D97-406C-AF46-5119BB75A963@goldmark.org>
Date: Sun, 7 Sep 2014 16:50:04 -0500
From: Jeffrey Goldberg <jeffrey@...dmark.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - skipping Makwa
On 2014-09-04, at 5:51 AM, Bill Cox <waywardgeek@...hershed.org> wrote:
> Sorry, but I'm not qualified to comment on the mathematical strengths
> or weaknesses of Makwa.
For an excellent overview of Makwa, you can look at Thomas Pornin’s
talk at PasswordsCon.
http://youtu.be/9j3WfvOj-IQ?list=PLdIqs92nsIzRFk0OCN_uQiOkgtPiNk2mv
I am even less able to comment on the math, other than the fact that once
I read up on it I found it really cool.That squaring over Quadratic Residues
is a permutation is one of those remarkably counter-intuitive results that
makes me wish I’d studied Algebra.
I was initially skeptical of delegation, as it seems like adding a great
deal of complexity for a feature of limited use. But the more I think
about the fact that a busy authentication server can delegate allows the
defender to allocate resources in a way that isn’t constrained by so many
of the annoying practical constraints that typically apply solely to the
defender.
> It is not a
> memory-hard password hashing scheme, which I consider to be a
> weakness, and also why there's not much for me to review.
I agree that the lack of memory hardness may well kill the bear (Makwa),
there is enough unique solid stuff in Makwa that I would like to see it
or its ideas continue to be considered. (I’m not on the committee; I’m not
qualified to be on the committee; and perhaps “wow, that is really cool
math” is not the best of reasons to select something.)
Cheers,
-j
Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)
Powered by blists - more mailing lists