lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2015 09:10:42 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] PHC: survey and benchmarks

On Mon, Mar 23, 2015 at 9:00 AM, Jakob Wenzel <jakob.wenzel@...-weimar.de>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 23.03.2015 16:45, Bill Cox wrote:
> > Hopefully they will take some feedback for corrections.  They
> > mistakenly call Yescrypt non-RAM hard and lump it with Makwa.
> > They did not test it with significant men size either...
> >
>
> > On Mar 23, 2015 7:08 AM, "Jean-Philippe Aumasson"
> > <jeanphilippe.aumasson@...il.com
> > <mailto:jeanphilippe.aumasson@...il.com>> wrote:
> >
> > This just appeared: http://eprint.iacr.org/2015/265
> >
>
> Hi all,
>
> thanks to the authors for the benchmarking paper. Nevertheless, we do
> not agree with the results for Catena since the authors in the paper
> did not consider the current version of Catena (Catena v3.1) which can
> be found here:
>
>
> http://www.uni-weimar.de/fileadmin/user/fak/medien/professuren/Mediensicherheit/Research/Publications/catena-v3.1.pdf
>
> They refer to the version from December 2014 which does not contain
> the latest tweaks such as:
>  - reduced-round version of blake
>  - additional random layer
>  - changed initialization phase
>  - removed SHA-512 from the parameter recommendations for the underlying
>    hash function
>  - ...
>
> They also ignored the instance Catena-DBG, which was already mentioned
> in the ePrint version. Before this paper will be used in the decision
> process for the winner of the PHC, we would kindly asked the authors
> to analyze the latest version of Catena (Catena v3.1).
>
> Best regards,
> Jakob
> (on behalf of the Catena design team)
>
>
> They similarly used older versions of Yescrypt, Lyra2, Argon, and others,
if I am not mistaken.  I think this is no big deal for the non-finalists,
but  the paper should be updated to reflect the current state of all the
finalists.

It is nice to see some new independent analysis, though :-)

Content of type "text/html" skipped

Powered by blists - more mailing lists