Date: Sat, 4 Apr 2015 17:01:52 +0200
From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Allowing Agon2 and Catena2?

FTR: After the finalists selection submitters were allowed to submit
minor changes ("tweaks") to their submissions. The Argon designers
proposed a modified Argon, as well as Argon2, and let the panel decide
whether or not Argon2 ("major modification" as per its designers)
would be acceptable. The PHC panel decided not to replace Argon with
Argon2 in the finalists, for the simple reason that it's too much of a
change compared to the original Argon. It would've been unfair to
other submitters to make an exception.


On Thu, Apr 2, 2015 at 5:30 PM, Bill Cox <waywardgeek@...il.com> wrote:
> Do we want to continue benchmarking Argon2d and Argon2i?  It is useful for
> reference, but we're putting work into analyzing Argon2 that should go
> elsewhere if there is no chance Argon2 can be selected.  I find Argon2 to be
> good work compared to Argon, and generally I don't care much for rules when
> they hurt the world, so my preference is to drop Argon, and allow Argon2 to
> go forward.  Is this possible?
>
> The same goes for the new Catena version, and I'd also like to allow them to
> add any H hash function they need to, including the reduced Blake2b
> single-round hash.  I think the world would be better off with Argon2i and
> Catena2 duking it out for the cache-timing-resistant category, and Lyra2,
> Yescrypt, and Argon2d duking it out for the Scrypt upgrade category.
>
> Anyway, some guidance here would be useful at a minimum for benchmarking and
> security analysis efforts.
>
> Bill

Powered by blists - more mailing lists