lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Sep 2014 23:48:57 -0400
From: Bill Cox <>
 "e >> CipherShed Developers List" <>
Subject: A review per day - Lanarea

Hash: SHA1

As a long-time C coder, I do like the Lanarea source code.  The code
is well written, and coders who can write like this are welcome on my
C projects.  I have written some scathing reviews about code that
irritates me when I read it.  Any code written by an inexperience grad
student without proper code-review by his peers before I read it is
likely to get trashed in my review.  Fortunately, Lanarea is easy to
read and professionally written.  The Lanarea code, much like the
OmegaCrypt and PufferFish code, reads like talking to an old friend.
I imagine we have similar histories between these authors and me.

While I enjoy how well this code was written, I think the Lanarea
algorithm comes up short on some important points, particularly GPU
and ASIC defense.  There are no glaringly vulnerabilities I saw that
could let me attack it in constant time, but the goals the Lanarea
code seems to try to achieve aren't.  If I had to guess, I'd say that
an author who writes code so well but fails at defending well against
hardware attacks is most likely mostly a software guy, without deep
knowledge of GPU and ASIC attacks.

I'll write up my complaints about Lanarea's ASIC resistance tomorrow.
 Lanarea attempts to foil ASIC attacks, but fails pretty badly, though
not as badly as some I've reviewed...

I did read the Lanarea paper.  When I say that a paper is "weak", what
I mean is that it makes claims that do not seem to be backed up by the
code.  In particular, if an author claims his algorithm has property
X, when I can clearly see how to attack the algorithm because of it's
lack of X, I consider that weak.  Lanarea's paper is weak in this
regard with respect to ASIC and GPU resistance.

I'll post more tomorrow.  I hope I wont offend another good C coder
like the Lanarea author.  Good coding skill is something I respect
greatly.  However, I don't think he understands what is hard to do in
silicon well enough to get Lanarea where it needs to be.

Version: GnuPG v1


Powered by blists - more mailing lists