lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Feb 2015 14:02:56 -0800
From: Bill Cox <>
To: "" <>
Subject: Re: [PHC] PHC status report

I do not think that the concerns being voiced would have led to a different
final winner, though possibly a slightly different list for the 2nd round.
Gambit and RIG were passed over in favor of Catena.  If there is just one
spot for cache-timing resistant algorithms in the next round, then I agree
with the choice of Catena, even if you just look at the original call for
submissions.  RIG and Gambit are excellent entries, but I still would
choose Catena.  If there are only 2 spots for sequential-memory-hard
upgrades to Scrypt, then I also agree that Lyra2 and Yescrypt are the
correct choices, and my TwoCats entry should be left behind (as it was).  I
see that entries that occupy a novel space with no direct competitors are
also in the next round, such as Parallel and Makwa.  Should 2 strong
cache-timing resistant algorithms be in the second round?  Maybe, but not
if that meant that only one Scrypt-upgrade entry would be allowed, but now
I'm into a hotly debated area.  I certainly would have praised a finalist
list that included Catena and either Gambit or RIG.  There's no perfect
list, but this one is good.

If being on the panel gave anyone an advantage, I think it had minimal
impact on finalist selection.  Catena and Yescrypt published code way
before anyone else.  If there was an advantage gained, it might be a "first
mover" advantage, rather than being on the panel.  Parallel and Makwa had
no competition and dropping GPU based hashing or delegation-capable hashing
at this stage would be a mistake, IMO.  Some of the others that are "on the
bubble" could be in or out.  I can't point to any but one (which I wont
point out) that I was surprised to see as a finalist.  8 out of 9 being
good choices is better than I had hoped for, especially for this still
immature competition.  Honestly, I think the panel deserves kudos.  Good
work on this list.  Too bad so many good algorithms couldn't make it...
Maybe next time I'll be a finalist :-)


Content of type "text/html" skipped

Powered by blists - more mailing lists