The Candidates for Password Hashing Competition - JP Aumasson

The Candidates for Password Hashing Competition - JP Aumasson

via YouTube Direct link

RIG (Chang, Jati, Mishra, Sanadhya) uses BLAKE2b • bit-reversal permutation mitigation of cache-timing leaks supports server relief and hash upgrade

17 of 22

17 of 22

RIG (Chang, Jati, Mishra, Sanadhya) uses BLAKE2b • bit-reversal permutation mitigation of cache-timing leaks supports server relief and hash upgrade

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Candidates for Password Hashing Competition - JP Aumasson

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 submissions requirements specs, reference code, test vectors salt, time and memory parameters IP statement: no patent, royalty-free
  3. 3 Antcrypt (Duermuth, Zimmerman) uses SHA-512 • floating-point arithmetic (pros and cons) separation crypto- and compute-hardness clear and well-motivated design
  4. 4 Argon (Biryukov, Khovratovich) • uses AES-128 (thus Nis on defenders' CPUs) • up to 32x parallelism, optional secret key
  5. 5 battcrypt (Thomas) Blowfish All The Things, and SHA-512 • suited for PHP (has a native Blowfish)
  6. 6 Catena (Forler, Lucks, Wenzel) • uses BLAKE2b (thus SIMD on defenders' CPUs) • graph-based structure, optional secret key
  7. 7 Centrifuge (Alvarez) uses AES-256-CFB and SHA-512 • benefits of AES-NI on defenders' CPUs • password- and salt-dependent "S-box" RC4-like byte pseudorandom byte swap
  8. 8 Gambit (Pinter) uses Keccak[1600] (sponge function) • optional local ROM table customizable word-to-word transform
  9. 9 Lanarea (Mubarak) uses BLAKE2b "heavily serial operations" (no //ism) "nonuniform section timings" (no pipelining) supports hash upgrade
  10. 10 Lyra2 (Simplicio Jr, Almeida, Andrade, dos Santos, Barrato) uses BLAKE2b (permut) in a duplex sponge • 2-dimensional memory parameter "basil" personalization string thorough security analysis
  11. 11 uses bignum arithmetic (modular squarings) • uses HMAC_DRBG supports delegation to untrusted systems supports password escrow, hash upgrade
  12. 12 Omega Crypt (Enright) uses ChaCha and CubeHash (SIMD-friendly) data-dependent branchings... ... yet timing attack mitigation
  13. 13 uses SHA-512 2-dimension time cost: sequential & parallel • constant (low) memory • minimalistic and compact design
  14. 14 PolyPassHash (Cappos, Arias) uses AES, SHA-256, SSS • threshold of pwds needed to unlock the DB • only appropriate when many users
  15. 15 POMELO (Wu) no external primitive (fully original algorithm) • simple FSR-like update functions partial mitigation of cache-timing attacks compact self-contained implementations
  16. 16 Pufferfish (Gosney) uses Blowfish, HMAC-SHA-512 • tweaked Blowfish (pwd-dependent S-boxes, etc.) a modern bcrypt (64-bit, variable memory) • JTR patches available
  17. 17 RIG (Chang, Jati, Mishra, Sanadhya) uses BLAKE2b • bit-reversal permutation mitigation of cache-timing leaks supports server relief and hash upgrade
  18. 18 Tortuga (Sch) uses Turtle (Blaze, 1996) as permutation keyed sponge structure (absorb/squeeze) original and simple construction
  19. 19 Yarn (Capun) • uses AES round and BLAKE2b • parallelism parameterizable 3 "time" parameters for distinct resources simple and compact design
  20. 20 yescrypt (Peslyak a.k.a. Solar Designer) uses scrypt with optional tweaks (via bit flags) • optional: local ROM, Salsa20 replacement more parallelism options (thread and inst. level) • supports serve…
  21. 21 evaluation criteria security (pseudorandomness, etc.) efficiency ratio (e.g. CPU vs GPU) simplicity (#LOCs, dependencies, etc.) extra functionalities target application etc.
  22. 22 we need reviews of the implementations third-party implementations (to check consistency with the specs, etc.) cryptanalysis (memory bypass, side-channel attacks, etc.) any comment or suggestion to i…

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.