lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 5 May 2015 13:06:56 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Argon2

We appreciate the panel's decision.

Argon2 will become even better. We plan to add new features and
security enhancements in a post-PHC tweak. The tweak will contain:
 - new indexing function, that makes the memory access pattern more
uniform and also strengthens the TMTO resistance. We are currently
working out the best solution by
calculating the penalties for various existing (Bill's distancecubed,
Solar's sliding window) and our own indexing functions using the
improved version of the ranking tradeoff algorithm.
 - new internal permutation that uses integer multiplication for
hardening and chains the subblocks in the way that maximizes the
non-tradeoff latency.

We plan to finish these ideas by the end of the month. The design
rationale will be published, as usual.

Today, however, we are proud to announce a feature for Argon2, that
makes it suitable for cryptocurrencies. Namely, it enables fast,
memoryless verification in a non-interactive way. In a concrete
example, a proof for running 3-pass Argon2 using 2 GB of RAM is only
500 KB in size and the verifier has to just hash (with Blake2) the
string of about the same size, i.e. this takes milliseconds.

The full paper is available here
https://www.cryptolux.org/images/9/95/Fast_memory_hard.pdf , and this
new feature is described in Section 8. You do not need to know many
details about Argon2 to read it.

Best regards,
the Argon team.


On Tue, May 5, 2015 at 10:15 AM, Jean-Philippe Aumasson
<jeanphilippe.aumasson@...il.com> wrote:
> FTR, the panel had agreed to accept Argon2 as a PHC candidate, superseding
> Argon



-- 
Best regards,
Dmitry Khovratovich

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ