Message-ID: <CAOLP8p5-Chbc_=T5tZ+o0_TrOmJoreZL-U1njdJy-HpONTgx9w@mail.gmail.com>
Date: Thu, 2 Jul 2015 08:34:55 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] RE: Password hashing as a self-overwriting Turing machine
On Wed, Jul 1, 2015 at 12:32 PM, denis bider <pwhashing@...isbider.com>
wrote:
> I consider formal proof a nice thing to have, but less than crucial. We
> don't have formal proof for ECC, DH, or RSA, either. An algorithm with
> formal proof may indeed have inferior characteristics in practice than an
> algorithm without it. Focusing solely on formal proof seems to me like the
> case of building a fence around a house where most of the planks are six
> feet, but one of the planks is sky-high.
>
Going through the steps of a proof is still helpful. For example, I
noticed your entropy loss step (multiply by even number) when trying to see
that all your instructions are reversible, to prove there is no entropy
loss.

It was also fun to show that BusyBeaver is finite-memory Turing complete (I
probably have that term wrong). The advantage of this is it gives people
like me more confidence that your hash is potentially cryptographically
secure.

I also verified your input parameter hashing. Proving that you get that
part right is important, IMO, since a few entries got it wrong, as well as
some accepted standards like PBKDF2-HMAC.

Your algorithm needs a _lot_ of work before it would be competitive, but
for someone who hasn't done stuff like this before, it is a very
respectable start.

Bill
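
The reversibility check mentioned in the message above, as an added example that is not part of the original post or of BusyBeaver's code: it measures how much state a multiply step modulo 2^bits discards for an even versus an odd multiplier. The 8-bit word size, the multipliers and all function names are assumptions chosen for illustration.

```python
# Added illustration; word size and multipliers are constructed,
# not taken from the BusyBeaver source.
import math


def image_size(k, bits):
    """Count distinct outputs of x -> (x * k) mod 2**bits over every input."""
    mod = 1 << bits
    return len({(x * k) % mod for x in range(mod)})


def entropy_lost_bits(k, bits):
    """Bits of state discarded by one multiply, for uniformly random x."""
    return bits - math.log2(image_size(k, bits))


def undo_multiply(y, k, bits):
    """Recover x from y = x*k mod 2**bits; only an odd k is invertible."""
    if k % 2 == 0:
        raise ValueError("even multiplier has no inverse mod 2**bits")
    mod = 1 << bits
    return (y * pow(k, -1, mod)) % mod


def rounds_until_collapse(k, bits):
    """Rounds of repeated multiply until every input maps to one value.

    Returns None for odd k, where the step is a permutation and the
    state space never shrinks.
    """
    if k % 2 == 1:
        return None
    mod = 1 << bits
    states, rounds = set(range(mod)), 0
    while len(states) > 1:
        states = {(s * k) % mod for s in states}
        rounds += 1
    return rounds


if __name__ == "__main__":
    for k in (12, 13):  # constructed: one even, one odd multiplier
        print(k, image_size(k, 8), entropy_lost_bits(k, 8),
              rounds_until_collapse(k, 8))
```

Each even multiply loses as many bits as the multiplier has trailing zero bits, so a step like this repeated inside a loop shrinks the reachable state until nothing of the input remains.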