lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 May 2015 18:35:44 +0300
From: Solar Designer <>
Subject: Re: [PHC] Argon2

On Tue, May 05, 2015 at 02:59:35PM +0000, Jean-Philippe Aumasson wrote:
> To clarify: I'd talk of optimizations rather than tweaks, after we've
> selected the winner. I'm not planning another round of tweaks and
> evaluations that would delay the process. If the panel selects some Argon2
> variant as a winner, the final version may be optimized jointly with the
> authors. A bit like Keccak/SHA3 was optimized after being selected by NIST.

Does this mean you'd like us not to accept even the Argon2 tweaks that
the Argon team has just promised will be ready by the end of this month?
They did call those post-PHC tweaks, but do we want them to be post-PHC?
To me, expecting post-PHC tweaks (if they're incompatible tweaks rather
than merely extensions for added functionality) would be a minor reason
not to select Argon2.

Does use of BlaMka in Argon2i count as an optimization rather than a tweak?

What about a MAXFORM chain for Argon2d?

What about a change in block indexing during memory filling?

Personally, I'm not worried about delaying the process if time is being
spent reasonably rather than wasted.  This is why I like having the
panel work closely with the submitters of a handful of schemes.


Powered by blists - more mailing lists