Message-ID: <CAGiyFdfVkGjLu9twQD=LWhzUKhgX4SsrOqdU5tFkEtOni80paw@mail.gmail.com>
Date: Tue, 21 Jul 2015 07:39:16 +0000
From: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, 
	Dmitry Khovratovich <khovratovich@...il.com>, Alex Biryukov <alex.biryukov@....lu>
Subject: Argon2 improvement thread

Argon2 will be the basis for the final PHC winner. What should be changed to
make it better than it is now?

The designers proposed an optional update:
* "smarter non-linear indexing (...) in order to flatten the memory usage
over time"
* BlaMka (from Lyra2) instead of BLAKE2b
see
http://permalink.gmane.org/gmane.comp.security.phc/3008
https://github.com/khovratovich/Argon2/blob/master/Argon2.pdf (chap 3)

Solar Designer proposed to integrate MAXFORM in Argon2d.

Bill Cox proposed (in his yesterday's email):
"- A hybrid Argon2i/Argon2d (Argon2id?), where some initial fraction of
memory hashing is done in a cache-timing independent manner, followed by
unpredictable addressing to improve off-line attack resistance.  If this
fraction were a parameter, it would unify Argon2i and Argon2d into one
algorithm.
- Improved GPU resistance, similar to Yescrypt"


The selected tweaks should make Argon2d and/or Argon2i better but without
changing the original design too much (none of the above suggested changes
would).
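
The hybrid addressing idea quoted above, sketched as an added toy example (not part of the original message, and not Argon2 or any PHC candidate's code): the name `toy_hybrid_fill`, the `independent_fraction` parameter, the 64-byte blocks and the BLAKE2b-based mixing are all assumptions made for illustration. It returns the sequence of referenced block indices so that the password-independent first phase and the secret-dependent second phase can be compared directly.

```python
import hashlib
import struct


def _h(*parts: bytes) -> bytes:
    """BLAKE2b (64-byte digest) over length-prefixed parts."""
    h = hashlib.blake2b()
    for p in parts:
        h.update(struct.pack("<I", len(p)))
        h.update(p)
    return h.digest()


def toy_hybrid_fill(password: bytes, salt: bytes, blocks: int = 64,
                    independent_fraction: float = 0.5):
    """Fill `blocks` blocks; return (tag, trace of referenced block indices).

    Blocks with index < split choose their reference block from (salt, index)
    only, so the memory access pattern does not depend on the password.
    Later blocks choose it from the previous block's contents.
    """
    if blocks < 2 or not 0.0 <= independent_fraction <= 1.0:
        raise ValueError("need blocks >= 2 and 0 <= independent_fraction <= 1")
    split = max(1, int(blocks * independent_fraction))
    mem = [_h(b"init", password, salt)]
    trace = []
    for i in range(1, blocks):
        if i < split:
            # Phase 1: address derived without any secret input.
            seed = _h(b"addr", salt, struct.pack("<I", i))
        else:
            # Phase 2: address derived from secret-dependent block contents.
            seed = mem[i - 1]
        ref = int.from_bytes(seed[:8], "little") % i  # any earlier block
        trace.append(ref)
        mem.append(_h(b"mix", mem[i - 1], mem[ref]))
    return _h(b"final", mem[-1]), trace


if __name__ == "__main__":
    # Constructed inputs: same salt, two different passwords.
    _, a = toy_hybrid_fill(b"correct horse", b"constructed-salt")
    _, b = toy_hybrid_fill(b"battery staple", b"constructed-salt")
    print("phase 1 traces equal:", a[:31] == b[:31])
    print("phase 2 traces equal:", a[31:] == b[31:])
```

Setting `independent_fraction` to 1.0 or 0.0 in this toy gives fully password-independent or fully data-dependent addressing, which is the unification the quoted proposal describes.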
