Re: [DNSOP] draft-eastlake-fnv

Tony Finch <dot@dotat.at> Mon, 30 March 2015 07:55 UTC

In the security considerations, it says:

1. Work Factor - To make brute force inversion hard, a cryptographic hash should be computationally expensive, especially for a general purpose processor. But FNV is designed to be very inexpensive on a general-purpose processor. (See Appendix A.)

As I understand it, the inversion resistance of crypto hash functions is not based on the computational cost of the function. A lot of effort is put in to making hashes fast, because they affect the performance of encrypted communication.

AFAIK the term "work factor" is usually a synonym for the iteration count in higher-level functions like PBKDFs which want slowing down as computers get faster.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at
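
The sense of "work factor" described in the message above, as an added example that is not part of the original message or of the draft: PBKDF2-HMAC-SHA256 (RFC 8018) written out by hand, so the iteration count is visibly a loop around a fast hash rather than a property of the hash itself. The password, salt and function names are constructed for illustration.

```python
import hashlib
import hmac


def pbkdf2_sha256_block(password: bytes, salt: bytes, iterations: int):
    """Return (first 32-byte PBKDF2-HMAC-SHA256 block, number of HMAC calls)."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    calls = 0

    def prf(data: bytes) -> bytes:
        # The underlying primitive stays fast; only the call count changes.
        nonlocal calls
        calls += 1
        return hmac.new(password, data, hashlib.sha256).digest()

    u = prf(salt + (1).to_bytes(4, "big"))   # U_1 = PRF(P, S || INT(1))
    t = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = prf(u)                           # U_i = PRF(P, U_{i-1})
        t ^= int.from_bytes(u, "big")        # T = U_1 xor U_2 xor ... xor U_c
    return t.to_bytes(32, "big"), calls


def reference_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Standard-library PBKDF2, used to check the hand-written loop."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


if __name__ == "__main__":
    pw, salt = b"constructed-password", b"constructed-salt"  # sample inputs
    for c in (1, 1000, 100000):
        key, calls = pbkdf2_sha256_block(pw, salt, c)
        assert key == reference_block(pw, salt, c)
        print(f"iterations={c:>6}  hmac_calls={calls:>6}  key={key.hex()[:16]}...")
```

The cost of deriving one key grows linearly with the iteration count, which is the knob that gets raised as hardware gets faster; the hash underneath is unchanged.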