lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 Mar 2015 13:24:47 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Another PHC candidates "mechanical" tests (ROUND2)

On Tue, Mar 31, 2015 at 5:11 AM, Hongjun Wu <wuhongjun@...il.com> wrote:
> Eventually it turns out that a number of second round candidates need to cut
> the round number significantly.   I feel that it is no longer true that
> those PHC candidates are based on strong crypto primitives, although they
> are still very strong.

it depends on the primitive. for example reduced round keccak is shown
to be safe in certain modes, and i would claim that password hashing
is such a mode. namely authors explored the use of reduced round
keccak-f in keyed modes, in which an attacker is not in control of the
input. the conclusion was that round numbers down to 3 from 24 are
still considered safe.

http://keccak.noekeon.org/KeccakDIAC2012.pdf
4.1 The donkeySponge construction

i assume we can say in general that primitives designed to deal with
malicious input are overly strong for password hashing, and in some
cases, it can actually be shown.

Powered by blists - more mailing lists