lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALW8-7LBBpPybd9iOhRfxMVu9_oxSJo_4ySYhnw_nvpraGQKQQ@mail.gmail.com>
Date: Wed, 29 Apr 2015 16:19:51 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2 modulo division

It is the same as deleting an old block and producing two new ones. So
it does not change the skewness of the penalty distribution.

On Wed, Apr 29, 2015 at 4:07 PM, Krisztián Pintér <pinterkr@...il.com> wrote:
> On Wed, Apr 29, 2015 at 3:51 PM, Dmitry Khovratovich
> <khovratovich@...il.com> wrote:
>> All the tradeoff methods I have tried accumulated highest penalties in
>> latest blocks. Therefore, the latest blocks should be asked rather
>> more often - but not always (sliding window), as then the attacker
>> would not store the first blocks at all.
>
> gambit's solution is a sliding window but xor into memory, which means
> all recomputation graphs go back to the origin.



-- 
Best regards,
Dmitry Khovratovich

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ