lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Jun 2015 22:01:30 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, 
	Alex Biryukov - UNI <alex.biryukov@....lu>, Dmitry Khovratovich <khovratovich@...il.com>
Subject: Argon2: optional update

Dear PHC community,
 following discussions in the PHC forum we decided to further increase the
circuit depth and improve the tradeoff resistance of Argon2. We propose an
optional update with two main changes:

1) The "random" memory block is not  uniformly selected but with a
distribution skewed towards later blocks. This gives both higher tradeoff
resilience and more uniform memory access. The distribution is similar to
that in TwoCats, though for the moment we slightly prefer quadratic (rather
than cubic) power function as it minimizes the AT gain for a tradeoff
attacker. The detailed design rationale is provided in the update
description.

2) The round function of Blake2b is replaced with BlaMka (each addition is
now accompanied with a 32x32 multiplication) in order to increase the
circuit depth. In total we add 512 MULs per 1-KB block with shortest chain
having 12 MULs.The structure of the compression function remains the same
for the moment (thus some extra parallelism is still in place), since such
a change apparently requires a very involved analysis.

Both modifications affect the performance (the first one increases the
speed, whereas the second one decreases it). In total, Argon2d (and
Argon2i) would run slower by 15% with multiple threads, and by 45% with 1
thread.

This update should be considered as a post-PHC modification, i.e. the one
that is deployed after the winner is declared.

The update is described in a separate chapter of the design document
(chapter 3 in  https://github.com/khovratovich/Argon2/blob/master/Argon2.pdf
).
Both optimized and reference implementations are ready for downloading and
testing in a separate branch
https://github.com/khovratovich/Argon2/tree/enhance

-- 
Best regards,
The Argon team

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ