Discover and read the best of Twitter Threads about #needsBenchmarks

Most recents (1)

I've been meaning to do a postmortem on the password hashing competition for probably over 2 years. I wanted optimized defender and attacker code for each algo. So we could make a good choice. We really needed to have an optimization competition with financial rewards.
Also if we auto submitted "pre and post hashed bcrypt" it probably would of made us go "oh shit 'memory hard' is not the way to go it's 'cache hard'". Since a better cache hard algo, like Pufferfish, is better for "≲2.5 second" runs than Argon2 (both tuned correctly).
Pufferfish isn't the best cache hard algo. It too closely aligned to bcrypt: it took the bad parts and didn't improve enough on the good parts. I realize this now after spending a fuck ton of time on "not bcrypt". Now "bs(crypt)" because "BS(PAKE)"… cause self deprecation FTW.
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!