lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jul 2015 21:45:18 +0200
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Argon2 improvement thread

On Tue, Jul 21, 2015 at 12:24:00PM -0700, Bill Cox wrote:
> If Alexander proposed to integrate his PWXFORM (I don't know what MAXFORM
> is), then I would be for it.  This would satisfy my request for improved
> GPU resistance, and also my request for multiplication-chain computation
> time hardening.

MAXFORM is the scalar equivalent to (and subset of) pwxform.  It's
neither parallel, nor wide, but is otherwise the same.

It would co-exist with Argon2's existing SIMD code.

> There are only two really outstanding SIMD-optimized mixing functions which
> were used in this competition, IMO.  The choices are the reduced-Blake2
> with or without it's multiplication modification, and PWXFORM.  I suspect
> between Samuel Neves, Alexander, and the Argon2 team, they could figure out
> the best solution.

Switching Argon2 to use pwxform would be too much of a change - not
code-wise, but design-wise.  If we were to do that, then it'd be better
to go with (simplified) yescrypt or the like instead, which we already
have separately (just not as the PHC winner).

Alexander

Powered by blists - more mailing lists