IETF Logo Mail Archive

[Cfrg] Fw: Argon2i, scrypt, balloon hashing, ...

Dan Brown <danibrown@blackberry.com> Tue, 16 August 2016 16:06 UTC

Return-Path: <danibrown@blackberry.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4917012D7CD for <cfrg@ietfa.amsl.com>; Tue, 16 Aug 2016 09:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.848
X-Spam-Level:
X-Spam-Status: No, score=-3.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVLbwL3eITes for <cfrg@ietfa.amsl.com>; Tue, 16 Aug 2016 09:06:15 -0700 (PDT)
Received: from smtp-p01.blackberry.com (smtp-p01.blackberry.com [208.65.78.88]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0C8812B069 for <cfrg@irtf.org>; Tue, 16 Aug 2016 09:06:15 -0700 (PDT)
Received: from xct107cnc.rim.net ([10.65.161.207]) by mhs211cnc.rim.net with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Aug 2016 15:06:41 -0400
Received: from XMB116CNC.rim.net ([fe80::45d:f4fe:6277:5d1b]) by XCT107CNC.rim.net ([fe80::b815:71ef:9f8f:e07c%16]) with mapi id 14.03.0210.002; Tue, 16 Aug 2016 12:06:11 -0400
From: Dan Brown <danibrown@blackberry.com>
To: IRTF CFRG <cfrg@irtf.org>
Thread-Topic: [Cfrg] Argon2i, scrypt, balloon hashing, ...
Thread-Index: AQHR90WamN7mC1+UQ0+w7tqG6bvx+KBLnJ8VgAAlC4I=
Date: Tue, 16 Aug 2016 16:06:11 +0000
Message-ID: <20160816160607.5709905.1691.3597@blackberry.com>
References: <mailman.995.1471241877.1171.cfrg@irtf.org>, <alpine.WNT.2.00.1608151525480.8540@RogawaySamsung9>, <20160816135332.5709905.51384.3573@blackberry.com>
In-Reply-To: <20160816135332.5709905.51384.3573@blackberry.com>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Kj6RTreTb5OelT2qZJc1BWk8PAA>
Subject: [Cfrg] Fw: Argon2i, scrypt, balloon hashing, ...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 16:06:17 -0000

Isn't password hashing out of scope for IRTF work? Or at least not a focus? Like RNGs and secure storage‎, it is important to security but not a form openly interoperable communication.

Sent from my BlackBerry 10 smartphone on the Rogers network.
  Original Message
From: Dan Brown <danibrown@blackberry.com>
Sent: Tuesday, August 16, 2016 9:53 AM
To: Phillip Rogaway; cfrg@irtf.org
Subject: Re: [Cfrg] Argon2i, scrypt, balloon hashing, ...


Also, isn't the need for interoperability of password hashing smaller‎ than for general protected communication?  (Or, is the eventual intent to add these algorithms to some IETF protocols, e.g. PAKEs etc.?)

Sent from my BlackBerry 10 smartphone on the Rogers network.
  Original Message
From: Phillip Rogaway
Sent: Monday, August 15, 2016 6:37 PM
To: cfrg@irtf.org
Subject: [Cfrg] Argon2i, scrypt, balloon hashing, ...


I would like to gently suggest the CFRG not move
forward with blessing any memory-hard hash function
at this time.  The area seems too much
in flux, at this time, for this to be desirable.
Really nice results are coming out apace.
Standards can come too early, you know, just as
they can come out too late.


phil

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email