lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 23 Jul 2015 03:08:54 +0200
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Argon2 improvement thread

On Wed, Jul 22, 2015 at 03:33:59PM -0700, Bill Cox wrote:
> I think I would prefer maxform in both, with the regular reduced-blake2 in
> both, although using blamka in both would also be OK.  I'm a big fan of
> maxform with or without blamka, and also I would prefer to keep Argon2i
> similar to Argon2d, preferably merging the algorithms into 1.  Even though
> the addressing in Argon2i is predictable, I do not see any easy way to use
> in a GPU against maxform, though I'm no GPU expert.

Unfortunately, it won't work that way.  As it is, MAXFORM does input
dependent S-box lookups (and this provides most of its GPU resistance),
and I was proposing plugging it into 2d such that it'd work on
password-dependent inputs.  For 2i, we need some revision of it, and
it'd provide less GPU resistance.

JP - please keep track of one more tweak requested by several people now
(and which I support) - merging 2d and 2i into one, with a flag or a
tri-state parameter.  Somehow you did not list it in your summary message.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ