lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 21 May 2016 10:31:47 +0200
From: Dmitry Khovratovich <khovratovich@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, 
	Alex Biryukov - UNI <alex.biryukov@....lu>, Daniel Dinu <dumitru-daniel.dinu@....lu>
Subject: Re: [PHC] Memory-hard functions discussed at CFRG meeting (incl. Argon)

Some clarifications due to the increased attention to the paper by Alwen
and Blocki, which has been presented at the recent Eurocrypt CFRG meeting.

1. One of security parameters of memory-hard password hashing functions is
how much an ASIC attacker can reduce the area-time product (AT) of a
password cracker implemented on ASIC. The AT is conjectured to be
proportional to the amortized cracking cost per password.

2. The memory-hard functions with input-independent memory access (such as
Argon2i) have been known for its relatively larger AT-reduction factor
compared to functions with input-dependent memory access (such as Argon2d).
To mitigate this, the minimum of 3 passes over memory for Argon2i was set.

3. The best attacks on Argon2, published in the original design document in
early 2015, have factor 1.3 for Argon2d and factor 3 for Argon2i.

4. The best attack found by Alwen and Blocki has factor 2 for Argon2i.

5. In a bit more details, the advantage of the Alwen-Blocki attack is upper
bounded by (M^{1/4})/36, where M is the number of kilobytes used by
Argon2i. Thus the attack has factor 2 with memory up to 16 GB, and less
than 1 for memory up to 1 GB. Details in Section 5.6 of
https://www.cryptolux.org/images/0/0d/Argon2.pdf

Best regards,
the Argon team

On Sat, May 21, 2016 at 12:48 AM, Alex Elsayed <eternaleye@...il.com> wrote:

> Potentially of interest:
>
> https://www.ietf.org/proceedings/interim/2016/05/12/cfrg/proceedings.html
>
>


-- 
Best regards,
Dmitry Khovratovich

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ