lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALW8-7LBBpPybd9iOhRfxMVu9_oxSJo_4ySYhnw_nvpraGQKQQ@mail.gmail.com> Date: Wed, 29 Apr 2015 16:19:51 +0200 From: Dmitry Khovratovich <khovratovich@...il.com> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Argon2 modulo division It is the same as deleting an old block and producing two new ones. So it does not change the skewness of the penalty distribution. On Wed, Apr 29, 2015 at 4:07 PM, Krisztián Pintér <pinterkr@...il.com> wrote: > On Wed, Apr 29, 2015 at 3:51 PM, Dmitry Khovratovich > <khovratovich@...il.com> wrote: >> All the tradeoff methods I have tried accumulated highest penalties in >> latest blocks. Therefore, the latest blocks should be asked rather >> more often - but not always (sliding window), as then the attacker >> would not store the first blocks at all. > > gambit's solution is a sliding window but xor into memory, which means > all recomputation graphs go back to the origin. -- Best regards, Dmitry Khovratovich
Powered by blists - more mailing lists