Open Source and information security mailing list archives
 
Date: Mon, 9 Feb 2015 18:24:39 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC status report

Hi,

This is a personal reply on an issue I feel I readily have a comment on.
Not a reply on behalf of the panel.

On Mon, Feb 09, 2015 at 03:38:02PM +0200, Somitra Sanadhya wrote:
> 1. The document mentions that the decision was "Based on the discussions on
> the public and private mailing lists ....". I am curious to know what were
> the discussions in the "private mailing lists". Shouldn't they be in public
> already? Further, if the decision used these "private mailing lists", is
> it not unfair to the 2nd round candidate designs whose authors are not
> in the panel? Clearly, the panelists whose designs are advancing have some
> more knowledge about the analysis which is not accessible to others.

This was actually my biggest concern about possible biases, and one of
the reasons why I chose to be on the panel despite intending to make
my own submission - to personally ensure we do bring any new analysis to
the public list in a timely fashion.

For the submissions we (later) ended up selecting as finalists, there
were two such occasions.  For POMELO:

http://thread.gmane.org/gmane.comp.security.phc/2214

(and I think this actually affected how POMELO was tweaked).

For Makwa:

http://thread.gmane.org/gmane.comp.security.phc/2073

I also recall asking Steve to post this on PolyPassHash, which he did:

http://thread.gmane.org/gmane.comp.security.phc/2070

(although we ended up not selecting PolyPassHash as a finalist).

And yes, there was not that much new analysis by the panel members.
I hope there will be more of it now, focusing on the (tweaked)
finalists - and I hope it will be posted right to the public list (or
I'll be asking for it to be brought in here).

Alexander
