lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jul 2015 13:50:53 -0500
From: Jeffrey Goldberg <>
Cc: Dmitry Khovratovich <>,
 Alex Biryukov <>,
 Acapulco Copacabana Hotel <>
Subject: Re: [PHC] Argon2 improvement thread

> On 2015-07-21, at 2:39 AM, Jean-Philippe Aumasson <> wrote:
> Argon2 will be the basis for the final PHC winner. What should be change to make it better than it is now?

If it isn’t too much trouble, it would be nice to have the LaTeX source up on github. That would allow people to submit pull requests with improvements to English language phrasing. (Though I note that the PDF version on github is much more recent then the one I read yesterday, so perhaps this is no longer needed.)

> "- A hybrid Argon2i/Argon2d (Argon2id?), where some initial fraction of memory hashing is done in a cache-timing independent manner, followed by unpredictable addressing to improve off-line attack resistance.  If this fraction were a parameter, it would unify Argon2i and Argon2d into one algorithm.

I very much would like to see i and d brought together, even at the cost of an additional parameter.

I’m very much looking forward to a reference implementation. I had to add a few #includes, <stdlib.h> and <x86intrin.h>, to get this to build on OS X and ran into some odd runtime problems.



Powered by blists - more mailing lists