[Outofthebox] Salsa20 : the new DJB's hash function
Angelo Dell'Aera
buffer at olografix.org
Thu Oct 6 17:58:02 CEST 2005
On Fri, 30 Sep 2005 15:24:42 +0200
sand <sand at olografix.org> wrote:
> The Salsa20 encryption function, also known as Snuffle 2005, is simple
> and very fast. And since DJB is one of the most skilled guys in the
> world when it comes to crypto stuff, you can expect it to be extremely
> secure."
>
> hash: http://cr.yp.to/salsa20.html
> encrypt: http://cr.yp.to/snuffle.html
>
> AND NOW TALK!
Intrigued by your post, I went to take a look at the page that is
supposed to contain the Salsa20 documentation, and what do I read?!
"At the end of 2005 I will award a $1000 prize for the public Salsa20
cryptanalysis that I consider most interesting. Cryptanalysts are
strongly encouraged
* to generalize their attacks from 32-bit words to w-bit words for
every w in {2,4,6,8,...,32};
* to generalize their attacks from 20 rounds to r rounds for every r
in {2,4,6,8,...,20};
* to state the success probability of the attack for all pairs
(w,r);
* to state the time taken by the attack for all pairs (w,r);
* to state the price of the attack machine (memory, etc.) for all
pairs (w,r); and
* to publish software verifying these statements for as many pairs
(w,r) as possible.
Every attack should be fast when w and r are small; and there is no
excuse for failing to have a computer verify that a fast attack works.
I won't make any promises regarding what I'll find interesting, but
experience suggests the following guidelines:
* Breaking larger r's wins bonus points. ``Breaking'' is defined by
being faster than brute force for the same cost of cryptanalytic
hardware.
* Extra speed wins bonus points.
* Early publication wins bonus points. Don't hold back!
* New ideas win bonus points. "
After reading this, it occurs to me that I hate DJB precisely for this
way he has of presenting himself to the rest of the world, to us poor
mortals. And, to be honest, for the integer overflow in Qmail (NdM[1]:
which, to be honest, is still there) it doesn't seem to me that he paid
out even a single miserable dollar. Very true that it is practically
impossible to exploit, but that's another matter...
As for the technical question, it does indeed look really fast, judging
at a glance. On the algorithm's other qualities I prefer to let the
more expert people speak.
Regards.
[1] NdM: Moderator's Note (Nota del Moderatore)
--
Angelo Dell'Aera 'buffer'
Antifork Research, Inc. http://buffer.antifork.org
Metro Olografix
PGP information in e-mail header