[148836] in cryptography@c2.net mail archive
[Cryptography] I posted a memory-hard key stretching algorithm on
daemon@ATHENA.MIT.EDU (Bill Cox)
Mon Dec 30 16:04:46 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 30 Dec 2013 15:05:14 -0500
From: Bill Cox <waywardgeek@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============0545228257371701865==
Content-Type: multipart/alternative; boundary=001a11c2aa6a3ea74d04eec5f68c
--001a11c2aa6a3ea74d04eec5f68c
Content-Type: text/plain; charset=ISO-8859-1
It's at:
https://github.com/waywardgeek/keystretch
If this algorithm isn't too lame, I'll enter it in the password hashing
competition in January. There isn't much time for feedback or code
development, so if you're interested in these algorithms, please let me
know your thoughts on this one. Essentially, I've upped the pre-hashing of
the password to 4096 SHA-256 rounds, and replaced the memory hashing
function of scrypt, Salsa20/8, with a simple hack that seems to run 8X
faster while being unpredictable enough.
The only other entry I've read about so far is based on Blake2, which is a
nice improvement over Salsa20, I think, but like scrypt, it spends most of
it's time hashing rather than filling the memory bandwidth. I'm not sure a
cryptographically strong hash is called for, so I'm suggesting using a
simpler hash that seems to work well enough. Any thoughts welcome.
--001a11c2aa6a3ea74d04eec5f68c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">It's at:<div><br></div><div><a href=3D"https://github.=
com/waywardgeek/keystretch">https://github.com/waywardgeek/keystretch</a><b=
r></div><div><br></div><div>If this algorithm isn't too lame, I'll =
enter it in the password hashing competition in January. =A0There isn't=
much time for feedback or code development, so if you're interested in=
these algorithms, please let me know your thoughts on this one. =A0Essenti=
ally, I've upped the pre-hashing of the password to 4096 SHA-256 rounds=
, and replaced the memory hashing function of scrypt, Salsa20/8, with a sim=
ple hack that seems to run 8X faster while being unpredictable enough.</div=
>
<div><br></div><div>The only other entry I've read about so far is base=
d on Blake2, which is a nice improvement over Salsa20, I think, but like sc=
rypt, it spends most of it's time hashing rather than filling the memor=
y bandwidth. =A0I'm not sure a cryptographically strong hash is called =
for, so I'm suggesting using a simpler hash that seems to work well eno=
ugh. =A0Any thoughts welcome.</div>
</div>
--001a11c2aa6a3ea74d04eec5f68c--
--===============0545228257371701865==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============0545228257371701865==--
