| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMtf1HtoWjALJpaJAc=qFxy+GtS+UKD9NKncu0P9fGsEmXRX_A@mail.gmail.com>
Date: Wed, 29 Jul 2015 07:00:50 +0800
From: Ben Harris <mail@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Argon Indexing Function
On 29 Jul 2015 8:46 am, "Henry Corrigan-Gibbs" <henrycg@...nford.edu> wrote:
> The reference implementation on Github (in the "enhanced" branch) is
computing \phi in a slightly different way, so maybe the spec just needs to
be updated to match what is in the code. Or did I miss something here?
>
I don't think you are missing anything. The Argon team published attacks
against the index functions in other candidates. I expect that finding a
real permutation (maps input to output without any gaps or double ups) that
wasn't weak against the attack would have taken longer than the competition
format allowed, so an alternative type of index was chosen.
Now that there is time for tweaks it would be good to revisit the decision.
If 3 rounds of resistance is sufficient, I did post a modification to bit
reversal that resists Dimity's attack for 3 rounds with only a minor
increase in complexity over bit reversal (and in constant time). I haven't
looked at the specification enough to see if it is compatible though.
I think from memory that the index function at also keyed on the salt? For
Argon2i at least. It might also be worth looking at that at the same time.
(unless my memory is completely incorrect)
-Ben
Content of type "text/html" skipped
Powered by blists - more mailing lists