Date: Thu, 2 Jul 2015 08:34:55 -0700
From: Bill Cox <>
To: "" <>
Subject: Re: [PHC] RE: Password hashing as a self-overwriting Turing machine

On Wed, Jul 1, 2015 at 12:32 PM, denis bider <>

> I consider formal proof a nice thing to have, but less than crucial. We
> don't have formal proof for ECC, DH, or RSA, either. An algorithm with
> formal proof may indeed have inferior characteristics in practice than an
> algorithm without it. Focusing solely on formal proof seems to me like the
> case of building a fence around a house where most of the planks are six
> feet, but one of the planks is sky-high.

Going through the steps of a proof is still helpful.  For example, I
noticed your entropy loss step (multiply by even number) when trying to see
that all your instructions are reversible, to prove there is no entropy

It was also fun to show that BusyBeaver is finite-memory Turing complete (I
probably have that term wrong).  The advantage of this is it gives people
like me more confidence that your hash is a potentially cryptographically

I also verified your input parameter hashing.  Proving that you get that
part right is important, IMO, since a few entries got it wrong, as well as
some accepted standards like PBKDF2-HMAC.

Your algorithm needs a _lot_ of work before it would be competitive, but
for someone who hasn't done stuff like this before, it is a very
respectable start.

