lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Aug 2015 14:24:31 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Cc: Dmitry Khovratovich <khovratovich@...il.com>, Alex Biryukov - UNI <alex.biryukov@....lu>, 
	Daniel Dinu <dumitru-daniel.dinu@....lu>
Subject: Argon2 version 1.2.1 release

Dear everyone,

We have just finished the reference and optimized implementations of
Argon2, taking into account comments and advice from the community and the
PHC members. Major improvements are listed below:

Specification (v.1.2.1):
 1. Argon2 now can process up to 4 TB of memory, and it uses 64-bit values
to generate the reference block index.
 2. The hybrid mode Argon2id is added as optional, where the first half of
the first pass over the memory has data-independent addressing (like in
Argon2i), and the other blocks are referenced in the data-dependent fashion
(like in Argon2d).
3. The S-box-with-multiply transformation (almost identical to Solar
Designer's MaxForm) is added to improve the GPU resistance in a new mode
Argon2ds. It is optional as well, and probably subject to change after we
test it on GPU.

Functionality:
 1. The entire code has been refactored. We added function descriptions,
various comments etc.
2. All the duplicate code has been removed. All the Argon2 modes use the
same code (the mode is specified as a separate parameter).
3. The reference code is only twice as slow as the optimized, so the
optimized part consists of just a few functions that use SSE intrinsics.
Overall, we have 40 KB of code that covers all the modes and optimizations.
4. There are special flags that indicate that password, key, or the entire
memory should be cleared immediately after use.
5. A user can specify his own memory (de)allocators.
6. Original PHS() wrapper is still present, but it is now possible to call
Argon2d(), Argon2i(), etc. with single argument as pointer to context.
Context is the data structure that holds all the user inputs.
7. The code has been tested on little-endian machines only. There are
probably a lot of places where big-endian machines would work differently,
but we can not identify them all yet.

Other:
1. We welcome all the comments, optimizations and suggestions.
2. The specification source is also given for error correction.
3. We also welcome GPU implementations that would help to evaluate the
usefulness of Argon2ds.
4. There is a small performance drop (about 10%) compared to the previous
version, but we hope to eliminate it in the future optimizations.
5. Older versions (1.1 and 1.2) are now in separate folders.

The implementation can be still found at
https://github.com/khovratovich/Argon2
Enjoy!

Best regards.
the Argon2 team (Alex, Daniel, Dmitry)

Content of type "text/html" skipped

Powered by blists - more mailing lists