Message-ID: <DM2PR03MB559731147051C916C77D631A7A80@DM2PR03MB559.namprd03.prod.outlook.com>
Date: Wed, 1 Jul 2015 20:15:03 +0000
From: Marsh Ray <maray@...rosoft.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] RE: Password hashing as a self-overwriting Turing machine
Denis Bider:
> I consider formal proof a nice thing to have, but less than crucial.
> We don't have formal proof for ECC, DH, or RSA, either.
The difference is that those functions are provably equivalent to problems that are known very hard. Problems that mathematicians have in some cases spent a century studying.
What is the basis for your claim that a randomized sequence of operations from the set you have chosen results in an irreducible function?
I'm not suggesting you can't come up with a good answer for this. I'm just saying I think this is the place to start with further analysis of your function.
> Focusing solely on formal proof seems to me like the case of
> building a fence around a house where most of the planks are
> six feet, but one of the planks is sky-high.
Don't worry, we're all very practically minded here.
> I did not use AES because I wanted something in portable C++ (CPU AES
> would require assembly), and also - we cannot yet count on CPU AES
> support in the platforms we target.
Actually, I do agree with you on this.
> If you don't have CPU AES support, then the way I see it, if you rely
> solely on AES, you're spending proportionally more time operating
> on small blocks of data, instead of exercising what the CPU does
> well, which is fetching stuff from memory.
I think you would enjoy reading through the list archives. Topics such as this are discussed in considerable depth.
- Marsh