lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Oct 2014 22:20:05 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Design Rationale and Security Analysis of PHC candidates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dmitry has published some excellent work, but like me, he's not shy of
publishing poor work.  Several of his statements about both Lyra2 and
Yescrypt, as well as others, are lame.  GPU defense is only "claimed"
by Yescrypt?  Good one, Dmitry...

Obviously, he has no problem listing Lyra2 as "attacked" for minor
issues that the Lyra2 team has explained how they will correct, but he
forgot to mention my highly parallel attack on Argon, but in an email
reply says that they take that into account... does that somehow make
it OK?  Apparently, because he gives Argon his highest rating.

He lists "Basic Cryptography" as a strength for Argon, yet "claimed"
for Lyra2 and Yescrypt.  I'm sorry, but that's total BS.  It's really
messed up.

I can't take this analysis seriously.  His ASIC analysis was frankly
stupid, and this table of "Security Analysis" isn't much better.  If
Dmitry would like me to expand on this, I would be happy to, but
frankly, he should cut his losses.  I am looking forward to ripping
this stupid table if he really wants me to :-)

The Argon code is excellent, and I am forced to respect Dmitry as a
programmer.  Honestly, for me, that's what really counts.  He's good.
 However, I'm happy to debunk more of these dumb ratings he keeps making.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJULLZRAAoJEAcQZQdOpZUZrLYP/3hj7t8N2ECdQedgTxzxhn4l
NOIJDE4JQ3s7sYLEk/CYuhT+NCPJDkS4lasV6s9Op4WkyOlRyRDGiE/5EygoasFv
YhqTYk6anKlOkCvjcKCdDxOOQVEEklbqCMXnisN7bGb0eebIc4SRDON4du9J9XGY
3+z7lbDqdrnhWwpm85qHzWh8is+CpA2CWWlr0s/tqFTpyS9DD6NJ258fyXS0N+Ep
CeNSCj1ge0XvSFyyYAFkH/VrRiKy+6HarhAE+LZ9r/J8o6lcdaDx7yTngVTFLHV9
kg568DWQX8janpTRJL2/BdAfPKuDN+pW1HnmpWYQ+VD0QYdkmfEpsHFljw0dFQe9
P0QdYHNRsWY1j+3KrmhkTlMG8/PfG0/quTnjFXpyVUgysmyVOrhhkutrKtM/NQeC
Xa0UL/7LKFQIOtnYv/4ym+DlxtRmD9gScR6NpIYt+Jrxwjp/ms/edlOhIgDE1aAH
oHhnu/l/N+emF4VCgAoAYn5/8/eO6maIGFpJC4mQTpANinZctU7ygg/JV19UAm9c
MAcPPxHb31PlxArLiqZB6tYkKo5o1Yyc7HfNNU0pfXUtHRDMIJ+vMPI+pnPTa2nt
f/DLvqb1pDEItPDNTl1rLp78sK4jubt014NFXpJtAOU1oyT31Jk8vWrcdW0lUvNm
kAZbrASqAahbMwSG9C5u
=vTOW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists