| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150705195753.GB31031@openwall.com> Date: Sun, 5 Jul 2015 22:57:53 +0300 From: Solar Designer <solar@...nwall.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Overview of PHC Candidates and Garbage-Collector Attacks Hi Jakob, On Thu, Jul 02, 2015 at 05:05:50PM +0200, Jakob Wenzel wrote: > we have updated the classification document (including analysis > regarding to (weak) garbage-collector attacks -- (W)GCA). > > See: https://eprint.iacr.org/2014/881 > > Among other minor changes, the update includes: > 1) Argon2d and Argon2i (as two instantiations of the finalist Argon2) > 2) yescrypt now provides (W)GCA resistance under certain requirements > depending on the input parameter It is unclear from your description whether you think yescrypt provides GC resistance at t > 0 and/or g > 0, and why. Can you clarify? You first list t = 0 among requirements for yescrypt's GC resistance, and then describe how things change at t > 0 and/or g > 0, but you seem to never clearly state whether it's GC attack resistant at those settings. (And there's a missing closing brace, but this doesn't affect meaning.) On a related note, the tweaked yescrypt defines client-independent updates, so you may check this in Table 2. > 3) tables now differentiate between finalist/non-finalists > 4) added motivation for (W)GCA attacks in the introduction > 5) BLAKE2b-1 is added as hash function for Catena > 6) BlaMka is added as permutation for Lyra2 (in brackets, since it is > not fully analyzed yet and thus, not recommended as default > instantiation by the authors of Lyra2) Thanks, Alexander
Powered by blists - more mailing lists