lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Apr 2015 05:22:34 -0500 (CDT)
From: Steve Thomas <steve@...tu.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] OMG we have benchmarks

> On April 1, 2015 at 3:45 AM Solar Designer <solar@...nwall.com> wrote:
>
> On Wed, Apr 01, 2015 at 03:02:07AM -0500, Steve Thomas wrote:
> > https://raw.githubusercontent.com/mbroz/PHCtest/master/output/round2_Lenovo_X230_i5_16G/mc_cost_2/memory_time_round.png
> >
> > Note I believe there might be a problem with some of it: battcrypt on 5x and
> > POMELO on 3x and 5x. Since those algorithms don't have t_costs for those and
> > I
> > think they are run at lower settings.
> >
> > But ignoring that these are the best benchmarks I've seen since they're
> > normalized for rounds across memory and time vs memory (instead of having
> > t_cost
> > or m_cost as an axis).
>
> Cool! Why are these for t_cost from 2 to 5, though? Where's t_cost 0
> and 1?

2x to 5x are how many passes are done over memory (ignoring the initialization
of memory). This is what I came up with here:
http://article.gmane.org/gmane.comp.security.phc/2550

This was just my attempt at coming up with useful settings to compare algorithms
and Milan Broz was awesome enough to run them.


> I think only behavior with the lowest supported t_cost matters
> for selection of a scheme, whereas exactly how higher t_cost affects the
> behavior is merely additional information to be used for fine-tuning.
>

Yes but using minimum t_cost has problems because some algorithms aren't memory
hard at those levels. I assume when the winner is picked we'll have minimum
settings that aren't broken. I personally think that any setting that allows for
TMTO is broken. Thus why I started at 2x. Also there are multiple because
battcrypt, POMELO, and Pufferfish don't use t_cost linearly. Well yescyrpt too
but that's just the first two that are weird.

Powered by blists - more mailing lists