[148864] in cryptography@c2.net mail archive
Re: [Cryptography] Strict memory hard hash functions
daemon@ATHENA.MIT.EDU (=?iso-8859-15?Q?Kriszti=E1n_Pint=E)
Tue Dec 31 20:10:29 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 31 Dec 2013 22:52:53 +0100
From: =?iso-8859-15?Q?Kriszti=E1n_Pint=E9r?= <pinterkr@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <52C32A8B.4060000@pentatek.com>
Cc: Sergio Lerner <sergiolerner@pentatek.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Sergio Lerner (at Tuesday, December 31, 2013, 9:35:23 PM):
> I've been playing with a property I named Strict memory hard hash
> functions. Strict memory hard functions are an extension of memory hard
> http://bitslog.files.wordpress.com/2013/12/memohash-v0-1.pdf
i have multiple excuses why i'm not addressing the core of your points
(one is that it is new year's eve, and i drank some champagne already,
second is i'm not perfectly a math guy).
but my question is: you are aware of the ongoing password hashing
competition www.password-hashing.net , aren't you?
i see one downside though. if i understand correctly, you need N^2
time if we want N memory blocks (blocks being a reasonable output size
of some PRF). it either limits us severely in memory use if we aim for
"regular" block sizes like 256 to 512 bits, or requires huge block
size. the latter approach seems to ease the problem to some degree.
can we consider like 65536 bit or higher block sizes? does that hurt
security? maybe we need to consider the internals of such a huge PRF?
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
