| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jul 2015 16:07:15 +0000 From: "Corrigan-Gibbs, Henry" <henrycg@...nford.edu> To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: Argon2 v1.0 versus v1.2 Hi all, I just heard that Argon2 was announced the winner of the PHC. Congratulations to the Argon2 team, to the other teams, and to everyone else involved! Over the next few days, I am planning to take a closer look at the Argon2 construction and analysis. I found two versions of the Argon2 spec online. The first is Argon2 v1.0, linked from the PHC website and dated 31 January 2015: https://password-hashing.net/submissions/specs/Argon-v2.pdf The second is Argon2 v1.2, posted on the authors’ Github repository and dated 8 July 2015: https://github.com/khovratovich/Argon2/blob/master/Argon2.pdf Since the two versions use different “indexing functions," I imagine that the time-space trade-off for the two schemes could be quite different. Version 1.0 was the PHC winner, so I am tempted to spend my time looking at v1.0. At the same time, if v1.2 is the version that the world will use (assuming that the world starts using Argon2) I should probably focus on v1.2. Is one of these two versions the "authoritative" one? Are there known flaws in v1.0 that provide a rationale for using only v1.2? I looked through the mailing list archives, but was not able to find any discussion of Argon2 v1.2. Henry -- Henry Corrigan-Gibbs
Powered by blists - more mailing lists