Re: [saag] AD sponsoring draft-josefsson-scrypt-kdf
Simon Josefsson <simon@josefsson.org> Thu, 13 August 2015 14:24 UTC
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes:

> On Thu, Aug 13, 2015 at 7:48 AM, Nikos Mavrogiannopoulos
> <nmav@gnutls.org> wrote:
>> On Thu, Aug 13, 2015 at 12:39 AM, Simon Josefsson <simon@josefsson.org> wrote:
>>> DES-based UNIX Crypt-function,
>>> FreeBSD MD5 crypt,
>>> GNU SHA-256/512 crypt
>>> Windows NT LAN Manager (NTLM) hash
>>> Blowfish-based bcrypt
>>
>> The latter was published in USENIX 1999:
>> https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf
>>
>>> As far as I know, Salsa20 was not published at any conference or
>>> journal, so there may not be any better references.
>>
>> Salsa20 was an official submission to estream competition, so the
>> authoritative reference is the design articles at:
>> http://www.ecrypt.eu.org/stream/salsa20pf.html (the "Salsa20
>> specification" and "Salsa20 design").
>
> I'd just like to take a step back from the reference question to ask,
> why is salsa used as a hash when it was designed as a stream cipher?

This is a terminology issue. 'Salsa20 core' or 'Salsa20 hash' is
explained here:

http://cr.yp.to/salsa20.html

Salsa20 core is a hash function, in its general sense, see:

https://en.wikipedia.org/wiki/Hash_function

In particular, Salsa20 core is NOT a cryptographic hash function.
Compare Salsa20 core to FNV or CRC or something similar, not to SHA-1.

Salsa20 the stream cipher is based on the Salsa20 core hash function.
Scrypt does not use Salsa20 the stream cipher. Think of the Salsa20
hash function as similar to FNV hash.

This said, I'm not convinced the estream Salsa20 specification is the
most suitable reference to explain the Salsa20 core hash function. The
eSTREAM site linked above only appears to publish a ZIP file with the
algorithm specification. Is that a good reference? However, perhaps we
can add it as an additional reference? Then there is always the worry
about which is the "right" one in case of differences, but since the
draft includes test vectors I doubt there will be any confusion.

> Is there a reason Blake2 (derived from chacha) was not used instead?

1) Scrypt needs a (fast) mathematic hash function, not a cryptographic
hash.

2) Age; ChaCha and Scrypt were designed at the same time.

> Maybe there is a good reason and I'd be interested to have that
> background.

I hope this helps.

/Simon
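The distinction drawn in the message above, that Salsa20 core is a hash function only in the general sense, can be checked directly. The following is an added example, not part of the original message or of draft-josefsson-scrypt-kdf: a Python Salsa20/8 core (the 8-round variant that scrypt uses) together with a check of its well-known structural collision, where flipping the top bit of every input word leaves the output unchanged. Function names and the sample input are constructed for illustration.

```python
import struct

MASK = 0xFFFFFFFF

def rotl(v, n):
    """Rotate a 32-bit word left by n bits."""
    return ((v << n) & MASK) | (v >> (32 - n))

def quarter(x, a, b, c, d):
    """One Salsa20 quarter-round on words a, b, c, d of state x (in place)."""
    x[b] ^= rotl((x[a] + x[d]) & MASK, 7)
    x[c] ^= rotl((x[b] + x[a]) & MASK, 9)
    x[d] ^= rotl((x[c] + x[b]) & MASK, 13)
    x[a] ^= rotl((x[d] + x[c]) & MASK, 18)

COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))

def salsa20_8_core(block):
    """Salsa20/8 core: 64 bytes in, 64 bytes out, no key and no compression."""
    if len(block) != 64:
        raise ValueError("Salsa20 core operates on exactly 64 bytes")
    words = struct.unpack("<16I", block)
    x = list(words)
    for _ in range(4):  # 4 double-rounds = 8 rounds
        for idx in COLUMNS + ROWS:
            quarter(x, *idx)
    # Feed-forward: add the original input words to the permuted state.
    return struct.pack("<16I", *((w + z) & MASK for w, z in zip(words, x)))

def flip_top_bits(block):
    """Flip the most significant bit of each of the 16 little-endian words."""
    return bytes(b ^ 0x80 if i % 4 == 3 else b for i, b in enumerate(block))

def demo():
    """Return (colliding pair found, all-zero block is a fixed point)."""
    m1 = bytes(range(64))  # constructed sample input
    m2 = flip_top_bits(m1)
    # Every addition in the core sums two words, so the flipped top bits
    # cancel modulo 2**32 and both inputs produce the same output.
    collide = m1 != m2 and salsa20_8_core(m1) == salsa20_8_core(m2)
    zero_fixed = salsa20_8_core(bytes(64)) == bytes(64)
    return collide, zero_fixed

if __name__ == "__main__":
    print(demo())
```

Neither property would be acceptable in a cryptographic hash such as SHA-1; scrypt only needs the core as a fast mixing step and relies on PBKDF2-HMAC-SHA256 at its input and output.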