[Cryptography] Pre-image security of SHA-256 reduced to 16 rounds

Tom Mitchell mitch at niftyegg.com
Thu Jan 30 23:50:03 EST 2014


On Sunday, January 19, 2014, Sergio Lerner <sergiolerner at pentatek.com>
wrote:

> I'm working in a password hashing construction (RandMemoHash, see
> http://bitslog.wordpress.com/2013/12/31/strict-memory-hard-hash-functions/
> ).
>
> I need the fastest possible crypto "hash" function, even if breaking
> pre-image resistance requires about 2^32 operations. Collision
> resistance is unimportant.
>

Interesting, you are looking for a hash function that does not lend itself
to GPU hardware and other common cost-effective attacks inside a time
window you consider safe.  Bitcoin hardware attack safe....

In other threads a strategy like this would be suspect as an NSA ploy to
establish a process into general use that they can attack but others cannot.
They could sit on some insight to their advantage while others could not
play.  Since one validation is speed matching against internet latency...
That seems ephemeral and/or subject to attack.

I did note a comment in the paper about access and cache. N-way associative
cache, cache size aware compilers, speculative execution etc could confound
or confuse this goal as could memory technology.

I am tempted to coin a phrase: "Put a best-if-used-before date on this
strategy".




-- 
I be mobile, excuse my tipping!

