lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOLP8p7XR0vOoo1zXyPW2X5ekNhkZKP-waFZSgFRpUAVn-LVQQ@mail.gmail.com>
Date: Mon, 8 Dec 2014 17:53:10 -0500
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] PHC finalists announcement

On Mon, Dec 8, 2014 at 2:30 PM, Jean-Philippe Aumasson <
jeanphilippe.aumasson@...il.com> wrote:

> On behalf of the PHC panel, I'm happy to announce the finalists:
>
> Argon
> battcrypt
> Catena
> Lyra2
> Makwa
> Parallel
> POMELO
> Pufferfish
> yescrypt
>

This is a pretty good list, IMO.  Congratulations to the finalists!

A theme I think I see here is originality, which between Catena and
Yescrypt I suspect explains why TwoCats didn't make it.  The same maybe can
be said of some other good entries which I am sad to see dropped, but we
can't keep them all.

While I agree that these are good finalist choices, I hope some of the
judges found it hard to drop some of these:

RIG - a faster Catena with some good original ideas that improve on it
Gambit - A simpler, faster, and potentially more TMTO resistant
cache-timing-resistant algorithm than Catena, showing off the Keccak sponge
EARWORM - Soooo close to being a fantastic yet simple authentication server
algorithm

I am also sad to see the many-execution-path defense entries such as
Antcrypt and Omega Crypt off the list, though I feel they did not make a
strong enough case for this approach to win in the end.  The entries which
primarily showcase some cool idea, such as Schvrch and PolyPassHash are
gone as well.  Both are cool.

I feel this smaller list does a pretty decent job of targeting four areas:

- Scrypt replacement: Lyra2 and Yescrypt
- Bcrypt replacement: Battcrypt and Pufferfish
- Cache timing resistance: Catena
- Cool new ideas too important to drop: Makwa and Parallel

It's been a super-fun contest!

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ