Message-ID: <CA+hr98HnbKprV-sGExLCue8Zg8mH_x8d1egje-wAV2UhkYY2Ew@mail.gmail.com>
Date: Mon, 2 Mar 2015 14:37:00 +0100
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] PHC status report

On Mon, Mar 2, 2015 at 10:33 AM, Solar Designer <solar@...nwall.com> wrote:
> As to your claim that "catena got a complete rewrite after a practical
> break", which would invalidate the maturity reasoning, I just don't know.
> This isn't "my category". I'd appreciate comments from someone familiar
> with the Catena update.

there must be some misunderstanding here, because this update was a
huge event, so i doubt you don't know about it. i'm referring to the
original bit-reversal graph being successfully attacked by Dmitry
Khovratovich, and its subsequent replacement by double butterfly graph.
this change effectively throws all previous TMTO analysis out of the
window. TMTO proof is the sole advantage of catena, so this is hugely
important. catena is still in a better position than say gambit, which
does not have a TMTO proof at all. but it is the complete opposite of
"mature".

> As already explained in here, the voting was part of the process, but it
> did not directly decide the selection (nor was it intended to).

it is very hard to say anything about the selection process, because
it is not public. so far i gathered the following information:

1, there was some private discussion, the extent or nature of which is
not known
2, there was a voting, all panel members listed 5 to advance and 5 not
to advance. the votes are not public, the result is not public.
3, there was some additional discussion after this, the extent is not known
4, there was some final selection, which was either unanimous, or a
second voting round. nothing is known about this step.
5, there is a status report that lists ambiguous, vague and very
limited information that, in my view, does not validate the decision.
whether it is an accurate representation of all the information the
panel used is not clear.

> I think the submitters of Rig just didn't provide
> clear reasoning on why they thought Rig should have been selected over
> Catena and Gambit. (I think you also didn't do that for Gambit.)

there was no discussion on the public forum about it. i did not know
about a discussion elsewhere. also, to tell if any algorithm is better
than the other, one needs data. i waited for summary and comparison
tables from the panel, that would give a clear overview of strengths
and weaknesses, performance numbers, etc. unfortunately it did not
happen.

i don't think it is fair to blame me for not giving reasons. i was not
told to give any reasons, i didn't know the panel wants my reasons.
all reasons i gave are in the submission document, which obviously
cannot contain any comparison with other candidates.

> I guess for two reasons: need permission from everyone who voted

let me guess, we will not learn which panel members don't give
permission either. the amount of secrecy surrounding this competition
blows my mind.

> contrary to what you
> say I wouldn't mind more original analysis by the panel

oh wait, i wouldn't mind either! i just said we can't expect panel
members to do that. if any panel member or the panel as a whole
decides to publish some analysis on any algorithms, it is of course
very much welcome!