Steve Profile picture
Jul 13, 2019 9 tweets 3 min read
I've been meaning to do a postmortem on the password hashing competition for probably over 2 years. I wanted optimized defender and attacker code for each algo. So we could make a good choice. We really needed to have an optimization competition with financial rewards.
Also if we auto submitted "pre and post hashed bcrypt" it probably would of made us go "oh shit 'memory hard' is not the way to go it's 'cache hard'". Since a better cache hard algo, like Pufferfish, is better for "≲2.5 second" runs than Argon2 (both tuned correctly).
Pufferfish isn't the best cache hard algo. It too closely aligned to bcrypt: it took the bad parts and didn't improve enough on the good parts. I realize this now after spending a fuck ton of time on "not bcrypt". Now "bs(crypt)" because "BS(PAKE)"… cause self deprecation FTW.
With current CPUs/GPUs and a good cache hard algo using 128KiB to 256KiB is ~5x harder than bcrypt by pushing it to global RAM. This means it pushes "better than memory hard (with correct settings)" from "≲1 second" to "≲2.5 seconds".
As a panelist, I fucked up during the competition. I burnt out breaking the bear one--Makwa which changed just before I was going to post my analysis. So I delayed posting it until I read the changes… but burn out. Makwa is good for only one feature. All other features are *BAD*
battcrypt (mine) sucks (besides trying to be both cache and mem hard) because PHP actually implemented the winner which was super unexpected. Parallel (mine) sucks because it needs special hardware (otherwise better than mem hard w/ ≲4GiB). #needsBenchmarks (also the ≲1, ≲2.5)
This was going to be like 1 or 2 tweets… well originally it was a blog post but lazy. Also #drunk… anyway we should probably have another password hashing competition for a cache hard algo. But this time state input and output are fixed width values like 128, 256, or 512 bits.
Right I forgot to mention there should be wrapper functions for Argon2 called "Argon2Simple" that only takes a cost and "Argon2SimpleKDF" that takes a cost and p. On the back end it does Argon2id, t=3, p=1 (for Argon2Simple), m=16KiB*2**cost*p. This is good for 99% of cases.
I should cc @veorq on this just so he sees it. "Argon2Simple" is important because PHP and KeePass both got this wrong on defaults. KeePass for "1 second delay" does Argon2d, p=2, m=1MiB, t=[enough for 1 second delay] and PHP does/did Argon2i, p=2, m=1MiB, t=2 (changing "soon").

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Steve

Steve Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Sc00bzT

Jul 26, 2020
I watched the trailer for "For All Mankind" season 2 and was like that's a Marilyn Manson song…? "The Beautiful People"?… nope… oh I know it's "Sweet Dreams"… oh fuck he did black face 😳. Also wrong song… hmm was that a cover or something? Ah "Sweet Dreams" by Eurythmics.
I think my brain is broken. I'll "Blame It (on the alcohol)" by Jamie Foxx… that song is super rapey. Was that a cover or something because I do not remember the lyrics besides "blame it on the alcohol". This is like when I tweeted "Netflix and chill" not knowing it was sexual.
Wait don't look for that Tweet unless you understand that by "Netflix and chill" I meant watch Netflix and relax while sitting on a couch (ie chill). Otherwise it's fucked up… oh it's not that bad thought I said like "Netflix and chill with my parents"
Read 6 tweets
Feb 8, 2020
Correction: there are over one million people on the "have not committed a crime list and are being harassed".
Note my previous tweet might make you think I'm picking and choosing but I think far right-wing/Neo-Nazis/white nationalist terrorists should have rights… also should be infiltrated and monitored. Note they should have encryption… it's just spies should be in their group.
P.S. This does not mean a company should insert a fake user into a group, but the FBI, NSA, DHS, etc should find them and get an invite.
Read 4 tweets
Dec 15, 2019
Best Xmas movie is "A Christmas Horror Story" (obviously a play on "A Christmas Story")… Also "christmas horror" is like the best movie genre.
In "A Christmas Horror Story" just ignore the high school documentary thing, the other three are the only ones I remembered. Just now I'm like "oh there's a forth story?"
I think I forgot all the shitty parts of this movie and was like zombie elves, Krampus, and changeling fuck yeah…god damn the ghost possession high school thing is fucked. Can someone edit this movie to remove the ghost story thing?
Read 6 tweets
Aug 30, 2019
I fcuking love whacthing dumb people come up with "solutions" while drunk. @SGgrc's "how to slove hotel mobile phone keys" is fucking stupid because publie key crypto is slow AF and it could use symeterec. Since it's like "AES counter to get nect private key". That's a ratchet.
He could just basically-ish do s/asymmetric/symmetric/ and it's good. I had a way more complex solution just because you should not let in someone after they shouldn't (even if the next customer hasn't come in) and clock skew. Also master keys, common doors, & dumping lock's mem.
Uhh @SGgrc, please don't start a hotel lock company or do so you find out you're stupid… Never mind "it's not even worth doing, it's so simple".
Read 4 tweets
Jul 3, 2019
Cool story bro, but:
1 SMS is not encrypted
2 Of those mentioned only Signal is not obviously broken, besides phone numbers
3 Outlawing crypto means we'll get better crypto and only "outlaws" will use it
4 99.9999% of cases don't need to break crypto
5 Terrorism "doesn't exist" (0.0000001%=="doesn't exist")
6 Drugs aren't that bad
7 If you wanted to protect children, then outlaw religions. Because pedos gravitate towards them. (Note only one religion got publicly shamed for it, but all religions "deal with"/hide it.)
"Joel Wallenstrom—[sic]the CEO of uber-secure messaging platform Wickr"—WTF @UKZak, are you a government agent trying to get people to use bad crypto?

PS That's how you actually use an em dash. If you are not aware, both of your em dashes should be commas

PPS I failed English🔥
Read 4 tweets
Apr 6, 2019
Just remembered I forgot to do this to variable names in my blog. Do screen readers read things that are "display: none" in CSS? Also how do you force a translator to see "some Variable" as "some variable"? because Google translate is messing up thinking it's a proper noun.
Also which I just found out I never updated it to formulas.php… oh it's unfinished. Anyway I was testing with (en->es->en). Which doesn't translate how it should, except in the hover over text on the last one.
I've been meaning to do this since an email conversation and found out that someVariableName didn't translate to Chinese. OK bad example hidden spaces makes that translate nice. Anyway should I hide text like someVariableName<span class="hide"> (some variable name)</span>?
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!