Message-ID: <CA+hr98HR+EW29XgNSOomX6jy2cAL5P1V9Rqc4SJJ==_w4tySjQ@mail.gmail.com>
Date: Tue, 31 Mar 2015 13:24:47 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Another PHC candidates "mechanical" tests (ROUND2)

On Tue, Mar 31, 2015 at 5:11 AM, Hongjun Wu <wuhongjun@...il.com> wrote:
> Eventually it turns out that a number of second round candidates need to cut
> the round number significantly. I feel that it is no longer true that
> those PHC candidates are based on strong crypto primitives, although they
> are still very strong.

it depends on the primitive. for example reduced round keccak is shown
to be safe in certain modes, and i would claim that password hashing
is such a mode. namely authors explored the use of reduced round
keccak-f in keyed modes, in which an attacker is not in control of the
input. the conclusion was that round numbers down to 3 from 24 are
still considered safe.

http://keccak.noekeon.org/KeccakDIAC2012.pdf
4.1 The donkeySponge construction

i assume we can say in general that primitives designed to deal with
malicious input are overly strong for password hashing, and in some
cases, it can actually be shown.