Re: [Cfrg] [MASSMAIL]Re: adopting Argon2 as a CFRG document

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 17 June 2016 16:23 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Dmitry Khovratovich <khovratovich@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Fri, 17 Jun 2016 16:23:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/s4r6Qd6NnWRDObIr5T7bgoXZ0Rk>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Dear Dmitry,

Please proceed by uploading a new draft as soon as it is ready.

We can certainly give you some speaking time to update us at the CFRG
meeting in Berlin. This will be very helpful indeed.

I should emphasise, of course, that what you may consider to be the
"final draft" may still be deemed to require further work after review by
the group. That's how it works in IRTF/IETF.

Regards,

Kenny 

On 15/06/2016 15:42, "Cfrg on behalf of Dmitry Khovratovich"
<cfrg-bounces@irtf.org on behalf of khovratovich@gmail.com> wrote:

>Dear chairs and others,
>
>we would like to proceed with the Argon2 draft unless there are strong
>objections. We have expanded the security section of the document to
>inform the user of the potential time-memory tradeoffs given the recent
>analysis papers.
>"Paranoid" parameter sets have been recommended as well. The final draft
>would then be presented in Berlin.
>
>
>
>Best regards,
>the Argon2 team.
>
>
>On Sat, May 21, 2016 at 10:38 AM, Dmitry Khovratovich
><khovratovich@gmail.com> wrote:
>
>Some clarifications due to the increased attention to the paper by Alwen
>and Blocki, which has been presented at the recent Eurocrypt CFRG meeting.
>
>
>1. One of the security parameters of memory-hard password hashing functions
>is how much an ASIC attacker can reduce the area-time product (AT) of a
>password cracker implemented on ASIC. The AT is conjectured to be
>proportional to the amortized cracking cost per password.
>
>
>2. The memory-hard functions with input-independent memory access (such
>as Argon2i) have been known for their relatively larger AT-reduction factor
>compared to functions with input-dependent memory access (such as
>Argon2d). To mitigate this, the minimum of 3 passes over memory for
>Argon2i was set.
>
>
>3. The best attacks on Argon2, published in the original design document
>in early 2015, have factor 1.3 for Argon2d and factor 3 for Argon2i.
>
>
>4. The best attack found by Alwen and Blocki has factor 2 for Argon2i.
>
>
>5. In a bit more detail, the advantage of the Alwen-Blocki attack is
>upper bounded by (M^{1/4})/36, where M is the number of kilobytes used by
>Argon2i. Thus the attack has factor 2 with memory up to 16 GB, and less
>than 1 for memory up to 1 GB. Details in Section 5.6 of
>https://www.cryptolux.org/images/0/0d/Argon2.pdf
>
>
>Best regards,
>Argon2 team
>
>
>On Mon, Feb 1, 2016 at 10:06 PM, Dmitry Khovratovich
><khovratovich@gmail.com> wrote:
>
>Dear all,
>
>
>as explained in a recent email
>http://article.gmane.org/gmane.comp.security.phc/3606 , we are fully
>aware of the analysis of Argon2i made by Corrigan-Gibbs et al., we
>know how to mitigate the demonstrated effect, and have already made some
>benchmarks on the patch.
>
>
>Soon after the Crypto deadline (Feb-9) we will develop a new release
>including code, rationale, and test vectors.
>
>
>-- 
>Best regards,
>the Argon2 team.
>
>-- 
>Best regards,
>Dmitry Khovratovich