Date: Wed, 10 Sep 2014 23:48:57 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net, 
 "e >> CipherShed Developers List" <devs@...ts.ciphershed.org>
Subject: A review per day - Lanarea

As a long-time C coder, I do like the Lanarea source code.  The code
is well written, and coders who can write like this are welcome on my
C projects.  I have written some scathing reviews about code that
irritates me when I read it.  Any code written by an inexperienced grad
student without proper code-review by his peers before I read it is
likely to get trashed in my review.  Fortunately, Lanarea is easy to
read and professionally written.  The Lanarea code, much like the
OmegaCrypt and PufferFish code, reads like talking to an old friend.
I imagine we have similar histories between these authors and me.

While I enjoy how well this code was written, I think the Lanarea
algorithm comes up short on some important points, particularly GPU
and ASIC defense.  There are no glaring vulnerabilities I saw that
could let me attack it in constant time, but the goals the Lanarea
code seems to try to achieve aren't.  If I had to guess, I'd say that
an author who writes code so well but fails at defending well against
hardware attacks is most likely mostly a software guy, without deep
knowledge of GPU and ASIC attacks.

I'll write up my complaints about Lanarea's ASIC resistance tomorrow.
Lanarea attempts to foil ASIC attacks, but fails pretty badly, though
not as badly as some I've reviewed...

I did read the Lanarea paper.  When I say that a paper is "weak", what
I mean is that it makes claims that do not seem to be backed up by the
code.  In particular, if an author claims his algorithm has property
X, when I can clearly see how to attack the algorithm because of its
lack of X, I consider that weak.  Lanarea's paper is weak in this
regard with respect to ASIC and GPU resistance.

I'll post more tomorrow.  I hope I won't offend another good C coder
like the Lanarea author.  Good coding skill is something I respect
greatly.  However, I don't think he understands what is hard to do in
silicon well enough to get Lanarea where it needs to be.

Bill