lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Oct 2014 21:27:47 -0700
From: epixoip <epixoip@...dshell.nl>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Overview of PHC Candidates and Garbage-Collector Attacks

On 10/29/2014 7:42 PM, Solar Designer wrote:
> Hi Jakob et al.,
>
> On Wed, Oct 29, 2014 at 06:38:26PM +0100, Jakob Wenzel wrote:
>> under the following link you can find an overview of all PHC
>> candidates which are not yet withdrawn:
>>
>> https://eprint.iacr.org/2014/881.pdf
>>
>> It focuses on comparing general and security properties. Moreover, it
>> formally introduces the two attack types garbage-collector attacks and
>> weak garbage-collector attacks. For each candidate, we argue why it
>> provides resistance against these attack types or we actually show an
>> attack.
>
> yescrypt does support server relief - only a tiny pre-final hash needs
> to be transmitted to the server.  (Moreover, it also supports use in a
> straightforward modification of SCRAM.)

The same is true for pufferfish as well, which is also marked as not
supporting server relief. The blowfishy part can be done client side and
transmitted to the server, and the server stores the final SHA512 hash.
I've been wanting to formally add a javascript implementation to the
reference implementation, but my javascript is weak.


Powered by blists - more mailing lists