Open Source and information security mailing list archives
Date: Thu, 25 Dec 2014 13:08:39 +0100
From: Dmitry Khovratovich <>
To: "" <>
Subject: Tweaks and scheme versions

I have a question/proposal to the Committee and the designers.

Since the submission deadline, quite a few design teams have submitted new
versions of their schemes. The Committee did not evaluate how different the
new versions are.

Now, the Committee plans to accept only minor tweaks to the algorithm, with
difference applied to the current version and the future one. I think that
this approach is unfair to the designers who did not change the scheme
significantly before now in order to withstand the third-party analysis and
gain confidence. Indeed, the schemes that have changed substantially (for
instance, Catena from v0 to v2), would be OK with only minor modifications,
whereas Makwa and Yescrypt, for instance, cannot produce v2 that would be
as different to v0 as that of Catena.

I propose that the tweaks be compared to the _original_ submission, namely
v0. That would put all finalists in a fair position. Otherwise everyone is
tempted to submit yet another new version (say, v3) without calling it a
tweak, and then submit a formal tweak with a minor difference to v3.

Final remark: I referred to Catena as an example of a major change, which
Catena-DBG clearly is. However, I may misunderstand the status of
Catena-DBG. Is it supposed to replace the older Catena? The last sections
of the design document (7 and 8) do not specify which version is used in
which scenario. It would be helpful if the Catena designers elaborated on this
issue in one of the emails, possibly independent of the proposal above.

Best regards,
Dmitry Khovratovich
