lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54172B28.3080608@ciphershed.org>
Date: Mon, 15 Sep 2014 14:08:40 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Schvrch is broken

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2014 01:05 PM, Steve Thomas wrote:
>> On September 14, 2014 at 11:06 PM Rade Vuckovac
>> <rade.vuckovac@...il.com> wrote:
>> 
>> Regarding time cost
>> 
>> As it stays (more details is needed perhaps) the statement about
>> PHC_Fast does not pass a basic logic.  Since PHS_Fast function is
>> allegedly time constant function it means that the time cost is
>> indifferent factor. In other words only input which is varied
>> through the initial search is the password. That leads that
>> PHC_Fast function, without even inspecting inner working 
>> (treating it as a black box) has multiple outputs for the same
>> input???
>> 
> 
> I guess I should of just posted code in my first message: 
> https://github.com/Sc00bz/break-schvrch
> 
> This takes about 3 minutes to run. With SSE or AVX it will be
> faster but this is a nice PoC. Note that the generation only needs
> to be done once per m_cost and once for each t_cost when m_cost is
> zero.
> 

Wow, you're good!  Really good... You considered *this* code too ugly
to post?  Generating the XORs and compiling them totally beats the
speed of what I was going to do (compute them on the fly as matrices).
 I see that I need to try and be an even more evil attacker :-)

While I have had some fun in attacks on this algorithm, it does bother
me that you've written over 500 lines of excellent code where I see no
bugs in order to attack a 117 line program with a lot of bugs.  At
least we got to practice our attack skills.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUFyslAAoJEAcQZQdOpZUZNQ0P/iuTOzvcK6xbh4tsQ5XqX4tu
xeyGIJ2wnDsq3qQdPg8qq/EGaPnawnsyFR4ET94mzylJ5VMdfJ+jD8aHUOpnCZbw
4xUnWKK+hL1bEKCVDc5wIp4NXa/enjiZdC6ow6NyDqpHAM27HgRjWodoPd/jY0/E
ppB7rlATj99Wfiyr223O7MQrIppxhRROkQbSq3LI/+xdyk/fj1ug84F0RTxBTSvS
eoaDc/wPDvH2UT5U13kQn5EHt3Gh1Qyig4L8IwviEB6/ZgyZn1XNvKr6bco1HiPe
/bGFRYcCrT3dXds1u0SLUaVAVog3p+n2Asuf5vIovis/eGjdzAecZDfjN9GG7CQd
4HC8ymdXqSH3lxRmV1ZYK3nDnOO/TohCfu2pAVNN2zKhucv922zsHKHk9L+OMkPL
DBXneqn+NMl3FHddMKO+2038MUW5IpbYm6UD/azrnonpjUJ4gSCPdNGCppa3GweO
VhYmFgdQKN3bBWqSrnb432WnHjiNykMTGfrkMtFyG5AlnPUfpLAMIJQ5i9pdkmme
VZWALeMl/pOcYZYb7L3diTuP1qkQIG1gf7K0mpUMfEzO0RZJObyxUTMpYhgWGfwK
IgbxjdhRRV/OjI6IZlq/yZv1kizg0zeOrX/PP/FfESZG+yJSdItAk3jGdUAy9B6D
ypaiedncncCql0t9CL1B
=9kje
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ