| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Sep 2014 18:03:08 +0530
From: Sweta Mishra <swetam@...td.ac.in>
To: discussions <discussions@...sword-hashing.net>
Subject: Rig version 2.0
Dear PHC mailing list members,
Please find attached a new version of Rig (Rig version 2.0). The
attachments contain a pdf document describing the design and its analysis,
and an efficient implementation in the zip file.
For the previous version of `Rig' we did not provide the optimized code as
that time we did not realize the essence of this. From the discussion of
PHC mailing list, we realize the requirement and hence have included an
optimized version of `Rig'. The speed has significantly changed. For 512
MiB of memory consumption the speed is 835 MiB/sec.
The changes from the previous version are mostly minor, as we did not
intend to significantly change the design while the competition is running.
Although, we did rewrite the description of Rig in more general terms. This
allowed us to propose a new building block in the design, which we call
'BlackPerm' (for details, please see the document).
Following are the items which differ in this version of Rig from the
previous version:
1. There was a mismatch in the reference implementation and in the
algorithm for the memory access with bit-reversal permutation. We have
fixed the issue by
adding few steps (line 19 to 22) in Algorithm 2. We want to thank Mr. Cox
for his observations on this error in the previous version.
2. Input of initialization phase is changed from
x=pwd||s||binary_{64}(n)||binary_{64}(l) to
x=pwd||binary_{64}({pwd}_l)||s||binary_{64}(s_l)||binary_{64}(n)||binary_{64}(l).
We want to thank Mr. Cox for this change, as he correctly observed
collisions on different length password and salt in the previous version.
3. As per the suggestion of Mr. Cox, we modified our implementation of the
bit-reversal permutation to be in "Catena style".
4. We have optimized the reference implementation and also provided another
optimized version of `Rig' with detailed description and performance
analysis.
The performance figures show, to the best of our understading, that the
memory consumption rate of 'Rig' is better than all other submissions at
this moment.
5. More descriptive analysis for low-memory resistance is added. Proof for
collision resistance of the design is also added.
6. We have added a reference to the latest cryptanalysis results on Blake2b
from CT-RSA 2014. Few more references are also added.
7. Writing has been changed at a few places in the document.
8. The reference implementation is now available at
https://github.com/arpanj/Rig (It is also attached in the zip file with
this mail).
9. An acknowledgement section is added in the document.
A list of all the changes is available in the Section 'ChangeLog' in the
Appendix of the document.
We would appreciate if this version can be considered from now on. We will
be happy to answer any questions on the design.
We take this opportunity to thank the PHC mailing list members for vibrant
discussions on various issues related to password hashing and
implementations.
Regards,
Sweta (on behalf of the 'Rig' team).
Content of type "text/html" skipped
Download attachment "Rig_v2.pdf" of type "application/pdf" (509083 bytes)
Download attachment "Rig-master.zip" of type "application/zip" (455216 bytes)
Powered by blists - more mailing lists