lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 25 Dec 2014 14:02:20 +0100
From: Jean-Philippe Aumasson <>
Subject: Re: [PHC] Tweaks and scheme versions

Hi Dmitry,

we've indeed been flexible regarding submissions updates during the
first round. We evaluated the latest version rather the v0. For
finalists tweaks, we don't plan to be too strict, as long as the tweak
is clearly described, and with some reasonable rationale.


On Thu, Dec 25, 2014 at 1:08 PM, Dmitry Khovratovich
<> wrote:
> I have a question/proposal to the Committee and the designers.
> Since the submission deadline, quite many design teams submitted new
> versions of their schemes. The Committee did not evaluate how different the
> new versions are.
> Now, the Committee plans to accept only minor tweaks to the algorithm, with
> difference applied to the current version and the future one. I think that
> this approach is unfair to the designers who did not change the scheme
> significantly before now in order to withstand the third-party analysis and
> gain confidence. Indeed, the schemes that have changed substantially (for
> instance, Catena from v0 to v2), would be OK with only minor modifications,
> whereas Makwa and Yescrypt, for instance, can not produce v2 that would be
> as different to v0 as that of Catena.
> I propose that the tweaks be compared to the _original_ submission, namely
> v0. That would put all finalists in fair position. Otherwise everyone is
> tempted to submit yet another new version (say, v3) without calling it a
> tweak, and then submit a formal tweak with minor difference to v3.
> Final remark: I referenced to Catena as an example of a major change, which
> Catena-DBG clearly is. However, I may misunderstand the status of
> Catena-DBG. Is it supposed to replace the older Catena? The last sections of
> the design document (7 and 8) do not specify which version is used in which
> scenario. It would be helpful if Catena designers elaborate on this issue in
> one of emails, possibly independent of the proposal above.
> --
> Best regards,
> Dmitry Khovratovich

Powered by blists - more mailing lists