lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Apr 2015 08:49:33 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] OMG we have benchmarks

On Thu, Apr 02, 2015 at 11:05:58AM +0800, Hongjun Wu wrote:
> I agree with you that the schemes with several parameters need to list the
> parameters being used.

Makes sense.  Right now, they're hard-coded in PHS(), but are generally
not explicitly listed elsewhere.

> Further, I think that it is better for the designers to fix those
> parameters in the competition.

This is (mostly) how it is now, due to PHS().

> Otherwise, the parameters can be tuned to
> favor one type of comparison, then get tuned to favor another different
> type of comparison.

This may be a good thing, although it does have a drawback: potential
confusion about what we're comparing.

In actual usage, those extra parameters may in fact be tuned to match
specific use cases better.  We just need to ensure that both schemes
being compared are tuned for the same use case.

And indeed, it should be viewed as an advantage of a scheme if it
achieves competitive results even without tuning for the use case.

Alexander

Powered by blists - more mailing lists