| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.11.1505060827590.8792@debian> Date: Wed, 6 May 2015 08:32:30 +0200 (CEST) From: Stefan.Lucks@...-weimar.de To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Re: [PHC] Maximising Pseudo-Entropy versus resistance to Side-Channel Attacks On Tue, 5 May 2015, Bill Cox wrote: > No! Say H2 runs in 1 second allocating 10 MB, while H2, allocating the same 10 > MB is ten times faster 0.1 second. If the defender is willing to wait 1 second, > for either H1 or H2, H1 could then allocate 100 MB. > > cost for H1: 100 sMB (seconds * Megabyte) > > cost for H2: 10 sMb (sconds * Megabyte) > > So the pseudo-entropy for H1 is 3.32 bit larger than the pseudo-entropy for H2, > not 6.64. > > Stefan > > > Sorry, your math is still wrong. Mallory gets a 100X benefit. My math is correct. But I see what you mean. Increasing the memory by a factor of ten on the defender's machine, at the same speed, can actually increase Malory's costs by more than a factor of ten, depending on Mallory's hardware. Stefan ------ I love the taste of Cryptanalysis in the morning! ------ uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks --Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--
Powered by blists - more mailing lists