lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 02 Oct 2014 10:25:54 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Design Rationale and Security Analysis of PHC candidates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 10/02/2014 08:02 AM, Thomas Pornin wrote:
> On Thu, Oct 02, 2014 at 12:50:31PM +0200, Dmitry Khovratovich
> wrote:
>> The value "Explored" stands for the case when the designers
>> actually try to mount a collision/preimage attack on their design
>> and show why it fails. It is not the best possible option:
>> ideally, one would provide some sort of security proof that
>> reduces the security of the mode of operation (which the hashing
>> scheme is) to the security of the underlying primitive, and thus
>> get the grade "Verified" or "Proven".
> 
> In that case, I'll claim that "proven" status for Makwa.

Seconded.  The Makwa algorithm is proven as secure as integer
factoring, with the only serious complaint being that the factors need
to be carefully scrubbed from existence if we are concerned about
attackers finding them.

Several other entries have also proven their basic security, like
Yescrypt, through "strongly secure" hashing of all inputs with a
strong existing cryptographic primitive, and a proof that significant
entropy is not lost.  If you like, I can go back through my reviews
and point out the entries that have secure basic cryptography, and
which ones need more expert review than I can provide, which are those
that invented new hashing primitives, and then rely on them for security.

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIbBAEBAgAGBQJULWBvAAoJEAcQZQdOpZUZ6PsP+Lt7trJ/5LfLrwvNKjcCwk1Y
v27C46ZKckZO2c1N21FdnC9GyO1rhSkfMGzL2h98b9vxCU7qUTbRD6dQMamdUdKm
4n4aKhgD7MQkGOHlTQio5lXVrPa6Q1Ud0qe0ZHf0gq3zi4C9OI0wesPis0pobPzf
jSxe6k3o/aGzOF3zBoEC3g1Bjjwq0dRfizpxf+GKn8fc4AfdGLK3blbxLwugjqA6
dCKCCZik4ynVCt/cWe9xsgCVyAhzvC9pPiSFyKXtOSQqHuK5RRDRwyCU3gJWJW4A
JK9IFwKZT11PSn2ARhwJjA+GxoNDfsD0j/LTgpb9jKl1Dng5gHPmKfT6GAZsamWS
QiNP3P9fzbMMdCSNQQZ8Ho2Ub1Kbg25f1A/UEdElx+svwuPXXLpkx8LMVs5Htnd0
HXQUEo0jsDWOxvkPe/Aheix9EfFYNBbIooBgcVIp98lVsYJMz7xp7D1F9HfPCW9Q
HCyxATjj24TP7VEKlSfs5Dv3OkHv7BudfQF/Et+3VSrB331CpUSX2vOWSHNhNy++
biz/4jbytJuFmAjpG//CYjEQ8StQwLYtiMLfRxgiOx4WCNPZLV/VmT/BsEClTsjG
n6FOPTowPkE13PyU+zT/qyRC+tgieprfcY8b2uSaYZElJVnncdbkj/LCZ8SusvmV
6OR94SdCB4mL3slADFM=
=uPck
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists