lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Oct 2014 08:47:37 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Design Rationale and Security Analysis of PHC candidates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2014 06:50 AM, Dmitry Khovratovich wrote:
> The value "Explored" stands for the case when the designers
> actually try to mount a collision/preimage attack on their design
> and show why it fails

Sorry about my language in my previous post.

The paper, "Design Rationality and Security Analysis of PHC
Candidates: Overview", has very many incorrect statements, and the
table, showing Argon to be as good or better than every other entry in
every aspect considered except complexity, is based on nothing but the
author's incorrect opinion of his work compared to other entries.  No
proof whatsoever of any claim is presented.  It also ignores attacks
made on his entry, including my highly parallel attack that shows
Argon is not in it's current form safe for use.

As just one example, Gambit, which uses Keccak on all input parameters
to properly derive a cryptographically secure initial key, making it a
"strongly secure" entry, is listed as having only "claimed" basic
security.  Compared to Argon, which leaves the password in plain text
in memory for a long time, where it is likely to be written to disk,
Gambit has excellent "Basic cryptography".

I am not sure how to respond to papers like this that look
professional, but are nothing more than a sales pitch, when the
material being sold is highly insecure.  This follows a paper
described by the author as a proper "cryptanalysis", which uses ASICs
that require Unobtainium to build.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJULUlmAAoJEAcQZQdOpZUZrKMQAKbBnfOjmk7KemaL9nevLApD
wF4BjidVu8TBRpX18dRNTx2Is045zipuexPjGVk1wYaPX3wmzmdqz6D1VADyC/vZ
F5JlhTI9A9/fkfgwzH8ZjPqtB0S5ok5oUftduVOjt7VUEIqOcGTI7W6scMg5/iwv
iFfAnRdctKaWmpDv0idGs9N8sS8Titor+dyLL76JTzEKIwHUrpO4V0t38zfHZ9Ta
lRm9jMiF/uUpcStTbrQUQt0twZDRdu+jNRkB0dctUVpy3wgwl8ryn/a0pNsIsbFs
KYopmcvpMGoM7N7xjry/EV+dVSrc5sDKOLQl2YgL2BoXvTjTX2WQx/wtr/cyi8b+
mziOEIDhn/x3EXz6A6qzivEts9NNTmU8JUc6swxqXh3G0D3V8Uc42MUDpwGXsnjP
kYJBEtbSjZ1HUTUO47RcipJXSp5O2xs5idb4Be1s3WTMwQFNOYLTWYDI9Bgu0uyP
Z1mldGmE6r284Z1rW5M8AD4xbnENYkqRPPp8sDMfDYfj+OQcZJJbOwCtvpfSA4Wc
ODUHrFET9WHdZpnNlmFDknDUgjXuOzdII64zbwsxl1dveaeFPT/W19Q6nKFWzcTy
R1AaVEf3EG8gb7h6hv2tubBa3gdPc8VHDVUjyzNaMGx9WWtUjGNW3Rw09WQUeSn2
GVBT2iGEGsMtcu2+NrrT
=Ctem
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists