lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Apr 2015 13:23:29 +0000
From: Gregory Maxwell <>
Subject: Compute time hardness

On Wed, Apr 1, 2015 at 1:08 PM, Solar Designer <> wrote:
> yescrypt's claimed area-time product at t_cost = 0 is
> lower, at (1/3+1/3)/(1/2+1/3) = 80% of what's theoretically possible for
> its running time (e.g., of what TwoCats tried to achieve).

Speaking of what TwoCats tried to achieve...

Has anyone done any estimates of the compute-time hardness of the
various finalists at various setting levels?  E.g. what is the cost
for attacker with infinite memory area and bandwidth? (sorry if I've
missed a thread; just point me to it if I have)

Powered by blists - more mailing lists