| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Sep 2014 23:48:57 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net, "e >> CipherShed Developers List" <devs@...ts.ciphershed.org> Subject: A review per day - Lanarea -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As a long-time C coder, I do like the Lanarea source code. The code is well written, and coders who can write like this are welcome on my C projects. I have written some scathing reviews about code that irritates me when I read it. Any code written by an inexperience grad student without proper code-review by his peers before I read it is likely to get trashed in my review. Fortunately, Lanarea is easy to read and professionally written. The Lanarea code, much like the OmegaCrypt and PufferFish code, reads like talking to an old friend. I imagine we have similar histories between these authors and me. While I enjoy how well this code was written, I think the Lanarea algorithm comes up short on some important points, particularly GPU and ASIC defense. There are no glaringly vulnerabilities I saw that could let me attack it in constant time, but the goals the Lanarea code seems to try to achieve aren't. If I had to guess, I'd say that an author who writes code so well but fails at defending well against hardware attacks is most likely mostly a software guy, without deep knowledge of GPU and ASIC attacks. I'll write up my complaints about Lanarea's ASIC resistance tomorrow. Lanarea attempts to foil ASIC attacks, but fails pretty badly, though not as badly as some I've reviewed... I did read the Lanarea paper. When I say that a paper is "weak", what I mean is that it makes claims that do not seem to be backed up by the code. In particular, if an author claims his algorithm has property X, when I can clearly see how to attack the algorithm because of it's lack of X, I consider that weak. Lanarea's paper is weak in this regard with respect to ASIC and GPU resistance. I'll post more tomorrow. I hope I wont offend another good C coder like the Lanarea author. Good coding skill is something I respect greatly. However, I don't think he understands what is hard to do in silicon well enough to get Lanarea where it needs to be. Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUERumAAoJEAcQZQdOpZUZSlwP/3DqfPSZrYOlUejrAwlDi1MT FaWGREYFnqfsX0uNTiiNY2vsm4kZ2l1u6S+ljiGUhqwRHx0djjciQQGT6QjQPFTM LggGjgng9CVbudfwXH6s+49llCQBUD1LDB2Km1Lv+8sJZYALRy2nZWKu0vzVLK21 M4l4GDLDZNjN4w7QMApGXMyvQCdDoiIAarYeNni3fWK+fWLdCX7cFZFKKrqfW9dy Bd7DFoyvTqTHhetcpaBb4OxMbcTIkgMj9zz8gOS/JgBQcQc4eMd/SUQljcno1NYW 0xQ3PYO+k9XungSgbUCvdQPdV0QSCxsRzrvNXvaVZLfq6MHplGo1sc1njJtYJBRJ WMv8qRqJMVY77PhBbKzcSoyGswqNw5sTQtD/3EfWy+iedaSJf+Fp8xhHLNvKOV4z /eoPrHrBysTZIcRdodLxf70niwMcjLew+dmYvkE7lVMsJnlBC3I6L+xejgr7/wdB h89oMcmAafI6vm3AYnWAk6e47AraHRdEk1WuO5O2t6kmM7JNLv8XmJAFE8IAyHTk lG1F4mldbBk/kkMLpFb8Uf5tobrbASr8OFJlp2tgNLxR7x2OwYNGGLFgkZ6/7p6f 7HSudCsD6GpK34Z/SvLFTb2POOv8vFsWcZbDNPtFrbqnNria/X5eNSlFv1mU9PWG FE9tfwmKF6gq6oLJSTVP =SfrZ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists