Message-ID: <CAOLP8p6o7_b5Fhe1nVKd1PkP9oP5n8jRJiN1J2AONgQ2adw03A@mail.gmail.com>
Date: Mon, 13 Jul 2015 14:49:08 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Bandwidth hardened algorithms?
On Mon, Jul 13, 2015 at 2:39 PM, Bill Cox <waywardgeek@...il.com> wrote:
>> As a side note, I find it strange that you still consider Momentum.
>> Memoryless collision search is so well known and explored, that this scheme
>> is barely better than plain SHA-256.
>>
>> Best regards,
>> Dmitry
>>
>
> The parallel Pollard Rho algorithm would make short work of Momentum,
> except that when they actually implemented it, they changed it slightly
> from the description in the paper.
>
BTW, this is a great example of why I prefer to read the source code rather
than the papers that describe the algorithm. Papers have errors, get out
of date, and skip critical details. The code is where we actually prove an
algorithm works. Momentum is a good example. After reading just the
paper, and being informed about the parallel Pollard Rho algorithm, I was
also confused why Momentum was still being considered for PoW.
Details, like having a 26-bit input vs 50-bit output, are not documented in
any paper, AFAIK. They also generate 8 26-bit hashes per SHA-512 hash - a
critical speed feature not mentioned anywhere that I could find.
Fortunately, Momentum's implementation is tiny, and easy to read, even if
it does look rather slow.
Bill
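The structure Bill describes (a small nonce space, a wider truncated output, and eight birthday hashes squeezed out of each SHA-512 call, all kept in one big table) as an added illustration; this is not the Momentum project's code, the seed||counter layout and the word order are assumptions, and the parameters are scaled down from 26/50 bits so it runs in seconds:

```python
import hashlib
import struct


def sub_hashes(seed: bytes, base: int, out_bits: int) -> list[int]:
    """One SHA-512 over seed||base yields 8 little-endian 64-bit words; each
    word truncated to out_bits is the birthday hash for nonce base*8 + j.
    (Assumed layout; real Momentum may pack and order bytes differently.)"""
    digest = hashlib.sha512(seed + struct.pack("<Q", base)).digest()
    return [w >> (64 - out_bits) for w in struct.unpack("<8Q", digest)]


def birthday_hash(seed: bytes, nonce: int, out_bits: int) -> int:
    """Recompute the single sub-hash for one nonce (what a verifier does)."""
    return sub_hashes(seed, nonce // 8, out_bits)[nonce % 8]


def find_collisions(seed: bytes, nonce_bits: int, out_bits: int) -> list[tuple[int, int]]:
    """Table-based birthday search: every nonce's truncated hash is stored, so
    memory grows as 2**nonce_bits entries while each SHA-512 call fills 8 slots.
    Expected pairs ~ N*(N-1) / (2 * 2**out_bits) with N = 2**nonce_bits; the
    page's 26-bit nonces and 50-bit outputs give on the order of two per seed."""
    seen: dict[int, int] = {}  # truncated hash -> first nonce that produced it
    pairs: list[tuple[int, int]] = []
    for base in range(2 ** nonce_bits // 8):
        for j, h in enumerate(sub_hashes(seed, base, out_bits)):
            nonce = base * 8 + j
            if h in seen:
                pairs.append((seen[h], nonce))
            else:
                seen[h] = nonce
    return pairs


def verify_pair(seed: bytes, a: int, b: int, out_bits: int) -> bool:
    """A submitted pair is valid only if the nonces differ and their
    truncated hashes match; costs two SHA-512 calls, no table."""
    if a == b:
        return False
    return birthday_hash(seed, a, out_bits) == birthday_hash(seed, b, out_bits)


if __name__ == "__main__":
    seed = b"constructed-block-header"  # constructed sample input
    found = find_collisions(seed, nonce_bits=16, out_bits=20)
    print(f"{len(found)} collisions, e.g. {found[:3]}")
```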