Message-ID: <20150414123210.GA5330@bolet.org>
Date: Tue, 14 Apr 2015 14:32:10 +0200
From: Thomas Pornin <pornin@...et.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] winner selection

On Mon, Apr 13, 2015 at 09:13:48PM +0000, Marsh Ray wrote:
> I don't mind if we endorse other functions for special cases, as long
> as we are abundantly clear that they are endorsed only when used for
> their special semantics and are not to be considered alternative
> recommendations for the general case.

If we are talking about Makwa here, then I would like to make the (possibly bold) claim that Makwa, without considering delegation, is an acceptable replacement of bcrypt.

More precisely, it has been reported that using GPU is not worth it when trying to brute-force a bcrypt hash; general-purpose CPU with a few kilobytes of RAM are a better bargain for that job. My claim is that the same holds for Makwa. I would really like to see this claim either confirmed or disproved by people with expertise on GPU programming and access to recent GPU.

If the claim is confirmed, then Makwa is not completely a "special-case function"; being a possible drop-in replacement for bcrypt (and, of course, PBKDF2) qualifies as "general case" for me.

(I may even argue that a memory-hard function that gobbles up a gigabyte of RAM does NOT qualify as a drop-in replacement for bcrypt, because it cannot be assumed that a given application that uses bcrypt will have a spare gigabyte of RAM. In a similar way, bcrypt or PBKDF2 are not drop-in replacements for a single MD5 since they -- by design -- use a lot more CPU. This point really means that the notion of "general case" is a matter of subtlety.)

	--Thomas Pornin