lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 07 Apr 2015 13:07:45 +0200
From: Markus Duermuth <markus.duermuth@....de>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Panel: Please require the finalists to help with benchmarks

Hi all,

Am 03.04.2015 um 17:29 schrieb Bill Cox:
> On Fri, Apr 3, 2015 at 3:59 AM, Dmitry Khovratovich
> <khovratovich@...il.com <mailto:khovratovich@...il.com>> wrote:
>
>     We could try to develop several typical scenarios for benchmarking.
>     Maybe people from industry could contribute with usecases.
>
>     For example:
>     Scenario 1 (cryptocurrency mining on x86 desktop):
>     [...]
>
>
> Exactly.  I completely agree with this approach.  Rather than bury
> your main idea debating scenarios, can we restate your idea plainly?

I think this is the right way to go, and I briefly wanted to mention
that we have proposed something similar recently [1] (see specifically
Sections 4 and 5).  (Please note that HashCat has improved a lot since
we ran the experiments.)

Basically, we proposed to find "equivalent parameters" for the schemes
you want to compare, where the equivalent parameters result in
(approximately) the same runtime for a defender.  Then you can compare
attacks against these parameter sets for the different schemes.  We did
not specifically take into account memory usage, but this can indeed by
covered by looking at different "scenarios", with different memory sizes
and possibly different architectures, as below.

If there is only one parameter to vary then one can simply measure the
equivalent parameters; if there is more than one parameter, then the
authors need to specify which parameters to use in which scenario, or
alternatively specify relations between parameters.

If one only considers memory-hard algorithms and attackers using ASICs,
then this is pretty much the same as the graphs showing memory vs. time
(but axis swapped); however, once you factor in other algorithms (at
least a comparison with previous algorithms), and other attackers, you
need to know what to compare against.

(I am well aware that this suggestion is not terribly surprising/new,
but I've not seen this mentioned in the discussion on this list, so I
thought I should mention it.)

Kind regards,
Markus


[1] 
https://www.mobsec.rub.de/media/mobsec/veroeffentlichungen/2015/04/02/duermuth-2014-password-guessing.pdf



Content of type "text/html" skipped

Powered by blists - more mailing lists