Message-ID: <CAOLP8p4KOkasgoBJnz9+UDwVGaGD2vE+dj=hK+SjVrWPE16q7Q@mail.gmail.com>
Date: Fri, 28 Aug 2015 09:52:45 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Flaw in Argon2 TMTO ASIC analysis
On Fri, Aug 28, 2015 at 6:48 AM, Dmitry Khovratovich <khovratovich@...il.com> wrote:
> If the ASIC running time is about the same as for CPU (which is reasonable
> to expect), then the bandwidth would be about 20-50 GB/sec, so it can grow
> by the factor 4-8 without affecting running time.

This is the main reason I want to use the new MAXFORM feature in Argon2.
Without MAXFORM, I estimate an attacker can make use of 320 GiB/s of
bandwidth without being computation speed limited. With MAXFORM, I
estimate he can make use of only 40 GiB/s before hitting the computation
speed wall.
That 8x free parallelism in Argon2's compression function is my least
favorite thing about Argon2. MAXFORM fixes it, while providing GPU
resistance and more.
Bill