Open Source and information security mailing list archives
 
Date: Tue, 5 May 2015 10:54:34 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2

On Tue, May 5, 2015 at 1:15 AM, Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> wrote:

> FTR, the panel had agreed to accept Argon2 as a PHC candidate, superseding
> Argon
>

Awesome!  I do think this is the right decision.

As for potential tweaks, here's some dumb ideas:

- Argon2d/i are similar.  Can we make it one algorithm that has a flag
specifying when to switch from cache-timing resistant mode to
password-dependent mode?  That would let one algorithm do both (something I
can do in TwoCats).
- Both Argon2d and Lyra2 are too focused on TMTO resistance, to the point
of running slower than needed.  Cutting the Blake2 rounds in half in Argon
considerably speeds it up, as does reducing the memory writes in Lyra2.
This would improve both algorithms' basic defense.
- Both Lyra2 and Argon2 should use the modified Blake2 round with
multiplications for improved compute-time hardening

Argon2d is a late-comer and needs more work than Yescrypt or Lyra2, but it
looks promising to me, if enough tweaks are allowed.  I don't know about
the other finalists, but the two strong Argon2 competitors are Lyra2 and
Yescrypt, both of which have already influenced the Argon2 design, I
think.  I think both the Yescrypt and Lyra2 team would be happy to see the
best possible solution, which could be Argon2 in the end, if the Lyra2 and
Yescrypt authors were to cooperate with the improvements to Argon2.

I am a fan of the one-pass model in Argon2.  It could be enhanced into a
winning algorithm, IMO.

Bill
