lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAS2fgT=6z-gt2hqTE23Ps7ygfKvhrz76JVSKeYiZT2_E2rOQA@mail.gmail.com> Date: Mon, 13 Apr 2015 15:35:42 +0000 From: Gregory Maxwell <gmaxwell@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] winner selection On Mon, Apr 13, 2015 at 3:11 PM, Solar Designer <solar@...nwall.com> wrote: > Makwa - likely select as a winner, but may need more pairs of eyes > first, who would confirm they have actually reviewed Makwa. I think > Steve did? Anyone else? I didn't review it, and I think we have panel > members who are more qualified to review it. Makwa is a likely winner > because it provides a unique feature with specific use cases for it, > it looks good at first glance (but indeed that's not a proper review), > and it comes from a particularly careful submitter. Malkwa is near to my heart-- having a class of approach that I'm fond of, but I think it would only be selected as a winner because it is the only function of its type in the contest. If I'd offered a Malkwa competitor it would have had information theoretic security for delegation (in exchange for making some tricks/performance worse). I suspect in the Bitcoin space we may someday deploy something like Malkwa for some applications (in particular; access keys for hardware wallets that don't have enough computational power to perform meaningful hardening on their own), but we'd only prefer it over more ordinary hardening functions if it bought us information theoretic security, which allow worryfree delegation of computation to completely untrusted parties.
Powered by blists - more mailing lists