Date: Sun, 15 Feb 2015 21:34:58 +0100 (CET)
From: Stefan.Lucks@...-weimar.de
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC status report

On Sat, 14 Feb 2015, D. J. Bernstein wrote:

> NIST required a "recommended" set of parameters. I recommended a set of
> parameters that heavily prioritized conservativism over speed [...]

With *your* *recommended* sets of parameters, CubeHash was absurdly slow.

I understand what the NIST saw in CubeHash, and I actually agree with the
decision to keep CubeHash in the second round of SHA-3. CubeHash was a cool
design!

BTW, it is a pity that you preferred a formal version (meeting the tweaked
security requirements, but absurdly slow) and a recommended version (fast
enough, but badly failing even the tweaked security requirements), rather
than submitting a proper tweak that did address the concerns raised by the
NIST in the first-round report.

> [...] If you're going to accuse NIST of ignoring its own rules then you
> should focus on the rules that they actually published, not the rules
> that you wish they had published instead.

The initial rules required approximately 2^512. Later, the rule was tweaked
to accept 2^480 or more as an approximation for 2^512.

I am sure you can find plenty of lawyers who will credibly argue that 2^480
is a reasonable approximation of 2^512. But good luck with finding plenty of
scientists who agree with calling that an "approximation". ;-)

In any case, the story of CubeHash is off-topic for this list, so I won't
discuss it any more, here. I am willing to discuss my ideas for a CubeHash
tweak with you, the next time we meet in person. ;-)

So long

Stefan

------ I love the taste of Cryptanalysis in the morning! ------
uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--