Play all

Intro

submissions requirements specs, reference code, test vectors salt, time and memory parameters IP statement: no patent, royalty-free

Antcrypt (Duermuth, Zimmerman) uses SHA-512 • floating-point arithmetic (pros and cons) separation crypto- and compute-hardness clear and well-motivated design

Argon (Biryukov, Khovratovich) • uses AES-128 (thus Nis on defenders' CPUs) • up to 32x parallelism, optional secret key

battcrypt (Thomas) Blowfish All The Things, and SHA-512 • suited for PHP (has a native Blowfish)

Catena (Forler, Lucks, Wenzel) • uses BLAKE2b (thus SIMD on defenders' CPUs) • graph-based structure, optional secret key

Centrifuge (Alvarez) uses AES-256-CFB and SHA-512 • benefits of AES-NI on defenders' CPUs • password- and salt-dependent "S-box" RC4-like byte pseudorandom byte swap

Gambit (Pinter) uses Keccak[1600] (sponge function) • optional local ROM table customizable word-to-word transform

Lanarea (Mubarak) uses BLAKE2b "heavily serial operations" (no //ism) "nonuniform section timings" (no pipelining) supports hash upgrade

Lyra2 (Simplicio Jr, Almeida, Andrade, dos Santos, Barrato) uses BLAKE2b (permut) in a duplex sponge • 2-dimensional memory parameter "basil" personalization string thorough security analysis

uses bignum arithmetic (modular squarings) • uses HMAC_DRBG supports delegation to untrusted systems supports password escrow, hash upgrade

Omega Crypt (Enright) uses ChaCha and CubeHash (SIMD-friendly) data-dependent branchings... ... yet timing attack mitigation

uses SHA-512 2-dimension time cost: sequential & parallel • constant (low) memory • minimalistic and compact design

PolyPassHash (Cappos, Arias) uses AES, SHA-256, SSS • threshold of pwds needed to unlock the DB • only appropriate when many users

POMELO (Wu) no external primitive (fully original algorithm) • simple FSR-like update functions partial mitigation of cache-timing attacks compact self-contained implementations

Pufferfish (Gosney) uses Blowfish, HMAC-SHA-512 • tweaked Blowfish (pwd-dependent S-boxes, etc.) a modern bcrypt (64-bit, variable memory) • JTR patches available

RIG (Chang, Jati, Mishra, Sanadhya) uses BLAKE2b • bit-reversal permutation mitigation of cache-timing leaks supports server relief and hash upgrade

Tortuga (Sch) uses Turtle (Blaze, 1996) as permutation keyed sponge structure (absorb/squeeze) original and simple construction

Yarn (Capun) • uses AES round and BLAKE2b • parallelism parameterizable 3 "time" parameters for distinct resources simple and compact design

yescrypt (Peslyak a.k.a. Solar Designer) uses scrypt with optional tweaks (via bit flags) • optional: local ROM, Salsa20 replacement more parallelism options (thread and inst. level) • supports serve…

evaluation criteria security (pseudorandomness, etc.) efficiency ratio (e.g. CPU vs GPU) simplicity (#LOCs, dependencies, etc.) extra functionalities target application etc.

we need reviews of the implementations third-party implementations (to check consistency with the specs, etc.) cryptanalysis (memory bypass, side-channel attacks, etc.) any comment or suggestion to i…

Description:

Explore the candidates for Password Hashing Competition (PHC) in this conference talk by JP Aumasson. Dive into the details of various password hashing algorithms, including Antcrypt, Argon, battcrypt, Catena, Centrifuge, Gambit, Lanarea, Lyra2, Omega Crypt, PolyPassHash, POMELO, Pufferfish, RIG, Tortuga, Yarn, and yescrypt. Learn about their unique features, cryptographic primitives used, memory and time parameters, and security considerations. Gain insights into the evaluation criteria for these algorithms, including security, efficiency ratio, simplicity, and extra functionalities. Understand the importance of third-party implementations and cryptanalysis in assessing the strength of these password hashing solutions.

The Candidates for Password Hashing Competition - JP Aumasson

Add to list

#Computer Science #Cryptography #Password Hashing #Information Security (InfoSec) #Cybersecurity #Algorithms #Encryption #Data Protection #Cryptanalysis