| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150505153543.GA26977@openwall.com> Date: Tue, 5 May 2015 18:35:44 +0300 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Argon2 On Tue, May 05, 2015 at 02:59:35PM +0000, Jean-Philippe Aumasson wrote: > To clarify: I'd talk of optimizations rather than tweaks, after we've > selected the winner. I'm not planning another round of tweaks and > evaluations that would delay the process. If the panel selects some Argon2 > variant as a winner, the final version may be optimized jointly with the > authors. A bit like Keccak/SHA3 was optimized after being selected by NIST. Does this mean you'd like us not to accept even the Argon2 tweaks that the Argon team has just promised will be ready by the end of this month? They did call those post-PHC tweaks, but do we want them to be post-PHC? To me, expecting post-PHC tweaks (if they're incompatible tweaks rather than merely extensions for added functionality) would be a minor reason not to select Argon2. Does use of BlaMka in Argon2i count as an optimization rather than a tweak? What about a MAXFORM chain for Argon2d? What about a change in block indexing during memory filling? Personally, I'm not worried about delaying the process if time is being spent reasonably rather than wasted. This is why I like having the panel work closely with the submitters of a handful of schemes. Alexander
Powered by blists - more mailing lists