lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2015 17:18:20 +0100
From: Jakob Wenzel <>
Subject: Re: [PHC] PHC: survey and benchmarks

Hash: SHA1

On 23.03.2015 17:10, Bill Cox wrote:
> On Mon, Mar 23, 2015 at 9:00 AM, Jakob Wenzel 
> < <>> 
> wrote:
> On 23.03.2015 16:45, Bill Cox wrote:
>> Hopefully they will take some feedback for corrections.  They 
>> mistakenly call Yescrypt non-RAM hard and lump it with Makwa.
>> They did not test it with significant men size either...
>> On Mar 23, 2015 7:08 AM, "Jean-Philippe Aumasson" 
>> < 
>> <> 
>> <
> <>>> wrote:
>> This just appeared:
> Hi all,
> thanks to the authors for the benchmarking paper. Nevertheless, we 
> do not agree with the results for Catena since the authors in the 
> paper did not consider the current version of Catena (Catena v3.1) 
> which can be found here:
They refer to the version from December 2014 which does not contain
> the latest tweaks such as: - reduced-round version of blake - 
> additional random layer - changed initialization phase - removed 
> SHA-512 from the parameter recommendations for the underlying hash 
> function - ...
> They also ignored the instance Catena-DBG, which was already 
> mentioned in the ePrint version. Before this paper will be used in 
> the decision process for the winner of the PHC, we would kindly
> asked the authors to analyze the latest version of Catena (Catena
> v3.1).
> Best regards, Jakob (on behalf of the Catena design team)
> They similarly used older versions of Yescrypt, Lyra2, Argon, and 
> others, if I am not mistaken.  I think this is no big deal for the
>  non-finalists, but  the paper should be updated to reflect the 
> current state of all the finalists.

They just mentioned in their conclusion:

"We survey the first round results of the competition [...]"

This might be ok. But they also wrote:

"We contribute to the final selection of the winners by highlighting
the efficiency of each finalist in terms of execution time, memory
consumption and code size."

Which does not make much sense since only the current versions are
considered for the choice of the winner(s).

> It is nice to see some new independent analysis, though :-)

Of course. It is always good to see that more and more people are
analyzing PHC candidates!


- -- 
Jakob Wenzel
Research Assistant
Chair of Media Security (Prof. Lucks)
Bauhausstra├če 11 (Room 217)
99423 Weimar
Version: GnuPG v1


Powered by blists - more mailing lists