lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jan 2016 18:44:02 +0100 From: Krisztián Pintér <pinterkr@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Re: Attack on Argon2i? Bill Cox (at Tuesday, January 12, 2016, 6:30:07 PM): > ./argon2memtest $((1 << 26)) > Max blocks used 12409040 out of 67108864. Memory reduction 5.41X i don't recall if i posted this to the list, but if not, i swear i'm not making this up after this article :) so i'm long since against pseudorandom but fix access patterns. first, i don't see the benefit of a pseudorandom but fixed over a simple and fixed. it is still fixed. second, i see the risk that anything chosen randomly might be suboptimal. especially if it depends on a value (like salt) out of control. i don't like their approach for the same reason. analogy: s-boxes. it is known, that random s-boxes are suboptimal in comparison to carefully crafted ones. this is the expected thing, since why would a random object be optimal? it only happens if the vast majority of possible objects are optimal, which at least needs a proof. this is why i like catena's more scientific approach, or yes, my own for that matter.
Powered by blists - more mailing lists