Date: Thu, 3 Mar 2016 11:07:34 +0100
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, cfrg@...f.org
Subject: Argon2 v.1.3

Dear all,

We have prepared the new version 1.3 of Argon2 [2], which addresses the
memory optimization strategy by Corrigan-Gibbs et al. [1]. The method in
[1] allows running Argon2i with 1/3 of required memory for any number of
passes without computational penalty.

The main tweak of version 1.3 is the XOR of a new block into the memory
instead of plain overwrite. This tweak not only eliminates the problem with
multi-pass Argon2i, but also increases the memory bandwidth thus making it
more ASIC-resistant. The tweak applies to both Argon2d and Argon2i.

The specification [2] contains the analysis of the attack and its status in
the new version (Section 5.2). It also discusses the recent attack on
Argon2i by Alwen and Blocki [3], showing that for (3 and more)-pass Argon2i
it is not efficient (Section 5.6).

The code update (to be merged soon with the primary codebase) contains new
test vectors and the optimized implementation. The new version is 5-10%
slower depending on the platform.

We plan to prepare the new RFC draft ASAP.

[1] http://eprint.iacr.org/2016/027.pdf
[2] https://www.cryptolux.org/images/0/0d/Argon2.pdf
[3] http://eprint.iacr.org/2016/115.pdf

--
Best regards,
the Argon2 team
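
The overwrite-versus-XOR tweak described in the message above, as an added toy model that is not part of the original post and is not the Argon2 reference code. It assumes a BLAKE2b stand-in for the compression function, a seeded PRNG in place of Argon2i's indexing function, and constructed parameters (64 blocks of 32 bytes, two passes); it does not reproduce the analysis in [1].

```python
import hashlib
import random

N = 64       # blocks in the toy memory (constructed; real Argon2 uses 1 KiB blocks)
BLOCK = 32   # toy block size in bytes

def G(a, b):
    # Stand-in compression function (BLAKE2b); not Argon2's real G.
    return hashlib.blake2b(a + b, digest_size=BLOCK).digest()

def schedule(seed=2016):
    # Data-independent reference indices in the spirit of Argon2i, drawn from a
    # seeded PRNG (assumption: this is not Argon2's indexing function).
    rng = random.Random(seed)
    pass0 = [None, None] + [rng.randrange(i - 1) for i in range(2, N)]
    pass1 = [rng.choice([j for j in range(N) if j not in (i, (i - 1) % N)])
             for i in range(N)]
    return pass0, pass1

def dead_after_pass0(pass1):
    # With plain overwrite, the pass-0 block at index i is read during pass 1
    # only if an earlier step j < i references it. Block N-1 is excluded because
    # step 0 of pass 1 reads it as its "previous" block.
    return [i for i in range(N - 1) if all(pass1[j] != i for j in range(i))]

def fill(xor_mode, forget=()):
    # Two passes over memory; `forget` lists pass-0 blocks that were not stored.
    pass0, pass1 = schedule()
    B = [G(b"seed", bytes([i])) for i in range(2)] + [b""] * (N - 2)
    for i in range(2, N):
        B[i] = G(B[i - 1], B[pass0[i]])
    for i in forget:
        B[i] = bytes(BLOCK)              # contents lost
    for i in range(N):
        new = G(B[i - 1], B[pass1[i]])   # B[-1] is block N-1 when i == 0
        # v1.3 tweak: XOR into the old block; earlier versions overwrite.
        B[i] = bytes(x ^ y for x, y in zip(new, B[i])) if xor_mode else new
    return B[N - 1].hex()

if __name__ == "__main__":
    dead = dead_after_pass0(schedule()[1])
    print(f"{len(dead)} of {N} pass-0 blocks are never read again under overwrite")
    print("overwrite: tag unchanged without them:", fill(False, dead) == fill(False))
    print("XOR:       tag unchanged without them:", fill(True, dead) == fill(True))
```

In the overwrite variant the final block is identical whether or not the unreferenced pass-0 blocks were kept; with the XOR variant every old block is an input to the step that replaces it, so dropping any of them changes the result.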