Date: Tue, 30 Sep 2014 18:03:08 +0530
From: Sweta Mishra <swetam@...td.ac.in>
To: discussions <discussions@...sword-hashing.net>
Subject: Rig version 2.0

Dear PHC mailing list members,

Please find attached a new version of Rig (Rig version 2.0). The attachments contain a pdf document describing the design and its analysis, and an efficient implementation in the zip file.

For the previous version of `Rig' we did not provide the optimized code, as at that time we did not realize the essence of this. From the discussion on the PHC mailing list, we realize the requirement and hence have included an optimized version of `Rig'. The speed has significantly changed. For 512 MiB of memory consumption the speed is 835 MiB/sec.

The changes from the previous version are mostly minor, as we did not intend to significantly change the design while the competition is running. Although, we did rewrite the description of Rig in more general terms. This allowed us to propose a new building block in the design, which we call 'BlackPerm' (for details, please see the document).

Following are the items which differ in this version of Rig from the previous version:

1. There was a mismatch in the reference implementation and in the algorithm for the memory access with bit-reversal permutation. We have fixed the issue by adding a few steps (line 19 to 22) in Algorithm 2. We want to thank Mr. Cox for his observations on this error in the previous version.

2. Input of initialization phase is changed from x=pwd||s||binary_{64}(n)||binary_{64}(l) to x=pwd||binary_{64}({pwd}_l)||s||binary_{64}(s_l)||binary_{64}(n)||binary_{64}(l). We want to thank Mr. Cox for this change, as he correctly observed collisions on different length password and salt in the previous version.

3. As per the suggestion of Mr. Cox, we modified our implementation of the bit-reversal permutation to be in "Catena style".

4. We have optimized the reference implementation and also provided another optimized version of `Rig' with detailed description and performance analysis. The performance figures show, to the best of our understanding, that the memory consumption rate of 'Rig' is better than all other submissions at this moment.

5. More descriptive analysis for low-memory resistance is added. Proof for collision resistance of the design is also added.

6. We have added a reference to the latest cryptanalysis results on Blake2b from CT-RSA 2014. A few more references are also added.

7. Writing has been changed at a few places in the document.

8. The reference implementation is now available at https://github.com/arpanj/Rig (It is also attached in the zip file with this mail).

9. An acknowledgement section is added in the document.

A list of all the changes is available in the Section 'ChangeLog' in the Appendix of the document.

We would appreciate it if this version can be considered from now on. We will be happy to answer any questions on the design.

We take this opportunity to thank the PHC mailing list members for vibrant discussions on various issues related to password hashing and implementations.

Regards,
Sweta
(on behalf of the 'Rig' team).

Content of type "text/html" skipped

Download attachment "Rig_v2.pdf" of type "application/pdf" (509083 bytes)

Download attachment "Rig-master.zip" of type "application/zip" (455216 bytes)
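
The input-encoding change in item 2 of the message above, as an added example (not part of the message and not code from the Rig submission): it builds both forms of x for every way of splitting one byte string into password and salt, and parses the version 2.0 form back into its fields. Assumptions of this example: binary_64 is an 8-byte big-endian integer, the lengths pwd_l and s_l are counted in bytes, and the password, salt, n and l values are constructed.

```python
import struct

def b64(v: int) -> bytes:
    # binary_64(v) as 8 bytes; big-endian order is an assumption of this example
    return struct.pack(">Q", v)

def encode_v1(pwd: bytes, salt: bytes, n: int, l: int) -> bytes:
    # Previous version: x = pwd || s || binary_64(n) || binary_64(l)
    return pwd + salt + b64(n) + b64(l)

def encode_v2(pwd: bytes, salt: bytes, n: int, l: int) -> bytes:
    # Version 2.0: each variable-length field is followed by its 64-bit length
    return pwd + b64(len(pwd)) + salt + b64(len(salt)) + b64(n) + b64(l)

def splits(data: bytes):
    # Every way to cut one byte string into a (pwd, salt) pair
    return [(data[:i], data[i:]) for i in range(len(data) + 1)]

def decode_v2(x: bytes):
    # The lengths trail their fields, so parse from the right-hand end.
    if len(x) < 32:
        raise ValueError("shorter than the four fixed 64-bit fields")
    s_l, n, l = struct.unpack(">QQQ", x[-24:])
    rest = x[:-24]
    if s_l > len(rest) - 8:
        raise ValueError("salt length exceeds available bytes")
    salt, rest = rest[len(rest) - s_l:], rest[:len(rest) - s_l]
    pwd_l = struct.unpack(">Q", rest[-8:])[0]
    pwd = rest[:-8]
    if pwd_l != len(pwd):
        raise ValueError("password length field does not match")
    return pwd, salt, n, l

if __name__ == "__main__":
    # Constructed sample values, not taken from the Rig test vectors
    pairs = splits(b"hunter2" + b"NaCl0001")
    print("v1 distinct inputs:", len({encode_v1(p, s, 1, 2) for p, s in pairs}))
    print("v2 distinct inputs:", len({encode_v2(p, s, 1, 2) for p, s in pairs}))
    assert all(decode_v2(encode_v2(p, s, 1, 2)) == (p, s, 1, 2) for p, s in pairs)
```

Under the earlier form all 16 splits give the same x, so they would hash identically; under the version 2.0 form each split gives a different x that parses back to exactly one (pwd, s, n, l).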