Date: Mon, 2 Mar 2015 14:37:00 +0100
From: Krisztián Pintér <>
To: "" <>
Subject: Re: [PHC] PHC status report

On Mon, Mar 2, 2015 at 10:33 AM, Solar Designer <> wrote:

> As to your claim that "catena got a complete rewrite after a practical
> break", which would invalidate the maturity reasoning, I just don't know.
> This isn't "my category".  I'd appreciate comments from someone familiar
> with the Catena update.

there must be some misunderstanding here, because this update was a
huge event, so i doubt you don't know about it. i'm referring to the
original bit-reversal graph being successfully attacked by Dmitry
Khovratovich, and its subsequent replacement by the double butterfly graph.
this change effectively throws all previous TMTO analysis out of the
window. TMTO proof is the sole advantage of catena, so this is hugely
important. catena is still in a better position than say gambit, which
does not have a TMTO proof at all. but it is the complete opposite of

> As already explained in here, the voting was part of the process, but it
> did not directly decide the selection (nor was it intended to).

it is very hard to say anything about the selection process, because
it is not public. so far i gathered the following information:

1, there was some private discussion, the extent or nature of which is not known
2, there was a vote, all panel members listed 5 to advance and 5 not
to advance. the votes are not public, the result is not public.
3, there was some additional discussion after this, the extent is not known
4, there was some final selection, which was either unanimous, or a
second voting round. nothing is known about this step.
5, there is a status report that lists ambiguous, vague and very
limited information that, in my view, does not validate the decision.
whether it is an accurate representation of all the information the
panel used is not clear.

> I think the submitters of Rig just didn't provide
> clear reasoning on why they thought Rig should have been selected over
> Catena and Gambit.  (I think you also didn't do that for Gambit.)

there was no discussion on the public forum about it. i did not know
about a discussion elsewhere. also, to tell if any algorithm is better
than the other, one needs data. i waited for summary and comparison
tables from the panel, that would give a clear overview of strengths
and weaknesses, performance numbers, etc. unfortunately it did not
happen. i don't think it is fair to blame me for not giving reasons. i
was not told to give any reasons, i didn't know the panel wants my
reasons. all reasons i gave are in the submission document, which
obviously cannot contain any comparison with other candidates.

> I guess for two reasons: need permission from everyone who voted

let me guess, we will not learn which panel members don't give
permission either. the amount of secrecy surrounding this competition
blows my mind.

> contrary to what you
> say I wouldn't mind more original analysis by the panel

oh wait, i wouldn't mind either! i just said we can't expect panel
members to do that. if any panel member or the panel as a whole
decides to publish some analysis on any algorithms, it is of course
very much welcome!
