Message-ID: <20150302145304.GA31248@openwall.com>
Date: Mon, 2 Mar 2015 17:53:05 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHC status report

On Mon, Mar 02, 2015 at 02:37:00PM +0100, Krisztián Pintér wrote:
> On Mon, Mar 2, 2015 at 10:33 AM, Solar Designer <solar@...nwall.com> wrote:
> 
> > As to your claim that "catena got a complete rewrite after a practical
> > break", which would invalidate the maturity reasoning, I just don't know.
> > This isn't "my category".  I'd appreciate comments from someone familiar
> > with the Catena update.
> 
> there must be some misunderstanding here, because this update was a
> huge event, so i doubt you don't know about it.

Yes, a misunderstanding: I am not saying I don't know what you're
referring to.  I could guess.  I am saying I don't know the details of
it, so I defer to others to comment on this aspect.  In particular, I
have no opinion on how huge an event or not this was.  I've heard a
claim before (IIRC, from you on this list?) that this was a
more-than-a-tweak change that we accepted outside of the tweaks period
(or so I interpreted what you(?) wrote).  If anyone on the panel or
otherwise would like to publicly address these claims, they should.
I won't, because it's not my area.

> i'm referring to the
> original bit-reversal graph being successfully attacked by Dmitry
> Khovratovich, and its subsequent replacement by double butterfly graph.
> this change effectively throws all previous TMTO analysis out of the
> window. TMTO proof is the sole advantage of catena, so this is hugely
> important. catena is still in a better position than say gambit, which
> does not have a TMTO proof at all. but it is the complete opposite of
> "mature".

Thank you for clarifying your position on this.

> > As already explained in here, the voting was part of the process, but it
> > did not directly decide the selection (nor was it intended to).
> 
> it is very hard to say anything about the selection process, because
> it is not public. so far i gathered the following information:
> 
> 1, there was some private discussion, the extent or nature of which is not known
> 2, there was a voting, all panel members listed 5 to advance and 5 not
> to advance. the votes are not public, the result is not public.
> 3, there was some additional discussion after this, the extent is not known
> 4, there was some final selection, which was either unanimous, or a
> second voting round. nothing is known about this step.
> 5, there is a status report that lists ambiguous, vague and very
> limited information that, in my view, does not validate the decision.
> whether it is an accurate representation of all the information the
> panel used is not clear.

I agree the lack of transparency is unfortunate.  Your summary above
makes it easy to make some quick clarifications, so I will:

In 2, many, but not all, panel members voted.  In particular, panel
members with their own submissions were not eligible to vote.  And some
others happened not to vote.  But there were nevertheless enough votes
to focus the discussion in 3.

There was no second voting round.  Instead, when we got close to
selecting the finalists, shortlists were discussed.  In the end, no one
on the panel had objections to the list of 9 finalists (which implied
non-selection of the rest).

The status report obviously does not list "all" of the information the
panel used.  Just the primary reasons why the finalists were selected,
and why the non-finalists were not selected.

> > I think the submitters of Rig just didn't provide
> > clear reasoning on why they thought Rig should have been selected over
> > Catena and Gambit.  (I think you also didn't do that for Gambit.)
> 
> there was no discussion on the public forum about it. i did not know
> about a discussion elsewhere. also, to tell if any algorithm is better
> than the other, one needs data. i waited for summary and comparison
> tables from the panel, that would give a clear overview of strengths
> and weaknesses, performance numbers, etc. unfortunately it did not
> happen. i don't think it is fair to blame me for not giving reasons. i
> was not told to give any reasons, i didn't know the panel wants my
> reasons. all reasons i gave are in the submission document, which
> obviously can not contain any comparison with other candidates.

This is valid criticism, and something I thought of myself a while ago.
The panel could have done a better job by requesting specific reasoning
from the submitters.  I did not mean to blame you.

> > I guess for two reasons: need permission from everyone who voted
> 
> let me guess, we will not learn which panel members don't give
> permission either. the amount of secrecy surrounding this competition
> blows my mind.

At this point, we didn't even ask each and every panel member for the
permission.  I think it's up to JP to do that if he chooses to, as he
helps keep the panel organized.  I won't.

> > contrary to what you
> > say I wouldn't mind more original analysis by the panel
> 
> oh wait, i wouldn't mind either! i just said we can't expect panel
> members to do that. if any panel member or the panel as a whole
> decides to publish some analysis on any algorithms, it is of course
> very much welcome!

Oh, I had misunderstood you, then.

Alexander
