lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Oct 2014 07:06:55 -0400
From: Bill Cox <waywardgeek@...hershed.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Design Rationale and Security Analysis of PHC candidates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2014 03:46 AM, Krisztián Pintér wrote:
> On Tue, Sep 30, 2014 at 1:12 PM, Dmitry Khovratovich 
> <khovratovich@...il.com> wrote:
>> https://www.cryptolux.org/images/4/4f/PHC-overview.pdf
> 
> one more question/observation: i don't understand the reason for 
> gambit's basic crypto being "claimed" as opposed to "explored",
> since it inherits these properties from the underlying sponge, in
> the proposed instance, keccak. what other exploration is needed?
> 

As you know, I'm not a fan of all of your ideas, but the basic
security of your entry is simply not in doubt.  Anyone who reads your
code can clearly see you have one of the most secure entries in terms
of basic crypto.  It may not be fast in it's current form, but it
certainly gets "basic crypto" right more than Argon, which writes the
password to memory and leaves it there for a long time!

Bill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJULTHMAAoJEAcQZQdOpZUZ5pEP/3xBmlh+1q1meInr2h3EAmY8
/OXimPU6aVCN+wqzi5zzdNbWo9ahSYFiKLkr+a74jB7XrfiYHhpsPFVSNts9zr3w
Fzy5sszBM/iZO8e6sTQlYE8qOp0UFF5PSP2PFxxWsVPK64THxiLSCHNEpwc3e6km
VW83R+0aTwoOH2L1Hov6KmbuLQuQR5yS2zUBnOGdkAvjO1WAaduHL01Zwh1+74Qs
PtSvV7Hd1sZHkJOWi042tGr6cxm2EFsfdhBKyDq82EtOmmcH9I07En8xj80ZrmvX
ZUYLkfJ3rRubMAxDw790UwcdOpMg6bo3mr/R3tgJedaWHgKl5Fjwqcr8kyYT3UdW
UGLxlKhYstPd9gFwgccXVvkZjihVLhJSWTbQsJilFl/pEs6hxOEl8jUfGZWM2jk6
HEN7IetzSp9cldlkOFicvhFHH+XmZ5dlrLgMllWl6zGmzaFZMyOOd8jOQoR7piN7
tw0hRyuhYKAXz9SSY/R72idNi/FZ52VF11keXShAsdaVhHH4PL/SkBCWa98N9pqy
hvm8Eg2Tblmf2/MPGhclPh5im/SrTnYJYSAfKBvw/79cHGxsL3E8i2Q8yxc6p+y/
H9LFdI9TGQtXwqh6kSJ8zbiMVxGwi+9EoYQNVJBr0FS+U5ZKWMZUZyL7h02dZAdp
JIPpjWO8Xrg/Z0LBRyg8
=fGoj
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists