Misplaced Pages

Password Hashing Competition

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
#714285

16-396: The Password Hashing Competition was an open competition announced in 2013 to select one or more password hash functions that can be recognized as a recommended standard. It was modeled after the successful Advanced Encryption Standard process and NIST hash function competition , but directly organized by cryptographers and security practitioners. On 20 July 2015, Argon2 was selected as

32-407: A diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or XOR (denoted by a "+" in a circle). The substitution layer consists of two S-boxes , each the inverse of each other, derived from discrete exponentiation (45 ) and logarithm (log 45 x) functions. After

48-648: A great many submissions during the three-month comment period. The result of this feedback was a call for new algorithms on September 12, 1997. The algorithms were all to be block ciphers, supporting a block size of 128 bits and key sizes of 128, 192, and 256 bits. Such ciphers were rare at the time of the announcement; the best known was probably Square . In the nine months that followed, fifteen designs were created and submitted from several countries. They were, in alphabetical order: CAST-256 , CRYPTON , DEAL , DFC , E2 , FROG , HPC , LOKI97 , MAGENTA , MARS , RC6 , Rijndael , SAFER+ , Serpent , and Twofish . In

64-432: A successor to DES to be known as AES. Like DES, this was to be "an unclassified, publicly disclosed encryption algorithm capable of protecting sensitive government information well into the next century." However, rather than simply publishing a successor, NIST asked for input from interested parties on how the successor should be chosen. Interest from the open cryptographic community was immediately intense, and NIST received

80-465: A variant incorporating new key schedule designed by the Singapore Ministry for Home affairs: SAFER K-128 . However, both Lars Knudsen and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named SAFER SK-64 and SAFER SK-128 respectively — the "SK" standing for "Strengthened Key schedule", though

96-455: Is a stub . You can help Misplaced Pages by expanding it . Advanced Encryption Standard process The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor,

112-544: The AES process and the NESSIE project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use. The first SAFER cipher was SAFER K-64 , published by Massey in 1993, with a 64-bit block size . The "K-64" denotes a key size of 64 bits. There was some demand for a version with a larger 128-bit key , and the following year Massey published such

128-517: The Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES. A new standard was needed primarily because DES had a relatively small 56-bit key which was becoming vulnerable to brute-force attacks . In addition, the DES

144-488: The RSA FAQ reports that, "one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher". Another variant with a reduced key size was published, SAFER SK-40 , to comply with 40-bit export restrictions. All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally

160-526: The AES process." SAFER In cryptography , SAFER ( Secure And Fast Encryption Routine ) is the name of a family of block ciphers designed primarily by James Massey (one of the designers of IDEA ) on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule . More recent versions — SAFER+ and SAFER++ — were submitted as candidates to

176-596: The AES3 conference in April 2000, at which a representative of each of the final five teams made a presentation arguing why their design should be chosen as the AES. The AES3 conference votes were as follows: On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES and started the process of making it the official standard by publishing an announcement in the Federal Register on February 28, 2001 for

SECTION 10

#1732883950715

192-402: The draft FIPS to solicit comments. On November 26, 2001, NIST announced that AES was approved as FIPS PUB 197. NIST won praises from the cryptographic community for the openness and care with which they ran the standards process. Bruce Schneier , one of the authors of the losing Twofish algorithm, wrote after the competition was over that "I have nothing but good things to say about NIST and

208-659: The ensuing debate, many advantages and disadvantages of the candidates were investigated by cryptographers; they were assessed not only on security, but also on performance in a variety of settings (PCs of various architectures, smart cards, hardware implementations) and on their feasibility in limited environments (smart cards with very limited memory, low gate count implementations, FPGAs). Some designs fell due to cryptanalysis that ranged from minor flaws to significant attacks, while others lost favour due to poor performance in various environments or through having little to offer over other candidates. NIST held two conferences to discuss

224-793: The final PHC winner, with special recognition given to four other password hashing schemes: Catena, Lyra2 , yescrypt and Makwa. One goal of the Password Hashing Competition was to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving RockYou (2009), JIRA , Gawker (2010), PlayStation Network outage , Battlefield Heroes (2011), eHarmony , LinkedIn , Adobe , ASUS , South Carolina Department of Revenue (2012), Evernote , Ubuntu Forums (2013), etc. The organizers were in contact with NIST, expecting an impact on its recommendations. This cryptography-related article

240-527: The submissions (AES1, August 1998 and AES2, March 1999 ), and in August 1999 they announced that they were narrowing the field from fifteen to five: MARS , RC6 , Rijndael , Serpent , and Twofish . All five algorithms, commonly referred to as "AES finalists", were designed by cryptographers considered well-known and respected in the community. The AES2 conference votes were as follows: A further round of intense analysis and cryptanalysis followed, culminating in

256-416: Was designed primarily for hardware and was relatively slow when implemented in software. While Triple-DES avoids the problem of a small key size, it is very slow even in hardware, it is unsuitable for limited-resource platforms, and it may be affected by potential security issues connected with the (today comparatively small) block size of 64 bits. On January 2, 1997, NIST announced that they wished to choose

#714285