Re: [Cfrg] Balloon-Hashing or Argon2i.

Bill Cox <waywardgeek@gmail.com> Thu, 11 August 2016 16:20 UTC

To: Dmitry Khovratovich <khovratovich@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uY76ZD1TB_GZ_cP5Yj4_gySuKs4>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>

To summarize what I think should happen here: I recommend continuing with
any standardization effort that would have gone forward without the
published TMTO attacks that claim to save power while recomputing values
many times.  Intuitively, it is simply less power to store and reuse
results than to recompute them, which turns out to be true in real ASIC
implementations.