lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Feb 2015 10:26:30 +0100
From: Krisztián Pintér <>
To: "" <>
Subject: Re: [PHC] PHC status report

On Mon, Feb 9, 2015 at 4:24 PM, Solar Designer <> wrote:
> And yes, there was not that much new analysis by the panel members.

the panel's job was not to provide new analysis. the panel's job was
to collect and summarize information about candidates, evaluate all of
them from each aspect. then create some sort of selection method or
scoring system, and apply to the data.

it either didn't happen or not public. the published document does not
meet even the weakest expectations.

look at catena for example. "Well-motivated design" - the other
candidates are not? "convincing theoretical framework" - what does
that even mean? weasel words. the only real point there is TMTO
analysis. but how other candidates score on this? we don't know, it is
not told.

or here is Gambit: "Similar to Catena," - in what sense? i see no
similarity. " but a less mature design" - weasel words. "potentially
worse ASIC resistance (due to the use of Keccak)" - potentially? and
in what sense? the cost comes from the memory, not the primitive. and
what is its score/relevance in the final scoring or evaluation? what
is the weight of ASIC resistance in the overall scheme of things? we
don't know, not from the analysis.

Powered by blists - more mailing lists