lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Sep 2014 08:01:14 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Schvrch is broken

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2014 12:04 AM, Steve Thomas wrote:
> Huh so there's a lot of reading I need to do on this list. I think
> Bill is writing a novel. Which is awesome I'm not complaining. :(
> Bill found the constant time attack when m_cost = 0 too. Dang he
> found the bug on line 107 too. OK done reading, this is a new
> attack.
> 
> 
> Bug in the code line 107: state[j] = memstate[j * (i + 1)]; should
> be state[j] ^= memstate[j * (i + 1)];

Well, I only got to Lanarea, and I'm running out of gas!  If you want
to help finish these reviews, I would certainly appreciate it!

The stuff I stopped doing to attack Yescrypt through Lyra2 in reverse
alphabetical order has me in trouble at the moment on my real work,
family life, and the CipherShed project...

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUEuCGAAoJEAcQZQdOpZUZMx8QAKdWJKlUT2VTeRw+NcbKCS0G
Feb0Ru2HfO9MIvenFcAahleCHMuALreJ6coetoMLHilOAzG/g/oFZVsM+JRyfCX6
++hnnSo7essnqtPFdIGcdJKpqA077rIJ1bpEfLmqoFRxQG/vMauqE7YGuEMVd3DL
/uiJw3cjigZSNe4YZrTf6Kv/PFsviwEeZaF4LK0AM4E5ZFFhN84Vwchn05HjsKn8
TZJPNuDejypzoa1TkGKBLRvsvEkhUILO8NP+N3oJg9wpy2njji/pNvGHGZ2Nqk3C
AwIMkmpO4ye+g6PLyX8+5JO+ZRb+qbyMdPS6AvDohCV9cpUXaLAPDSCBhtEAen2T
r2fFyBUDv6K7z9lKPML/wErJY5xiSNUKvhn9V3D5pIiR1E7oNE7960lISeL2KbQ/
37gCjYLwpUNabo4++6+lUGtSYhkutSRUWbvpiMIp2rsAZSExMEet69SFXNkwlike
LyjfoxPiDLPomM5JGCyTlBrHKgCBJkD8RjPDBcxmM40Hy3EbW5mvmBfBMQOfw4IZ
cDHD7voziHg3prohIQiPdDmY5nQYXhjrXa3xXMlddlm/MGT8AbAkVpMZRg2j/8/n
tyPq8PU8cC78503H83/cKAFp7zSGYBoOqmzZpWpUiCo9QN5NkIyWfpRecJUlueHf
G5fKt2h3AI/hltxjeSLy
=mW+L
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists