-
br-m<samholmes:matrix.org> I'm researching the applications of RandomX for spam and KDF
-
br-m<samholmes:matrix.org> If any shortcomings.*
-
br-m<samholmes:matrix.org> My curiosity is why it wouldn't be used more often for KDFs considering its strong ASIC resistance.
-
br-m<jpk68:matrix.org> I am not really qualified to answer this, however I believe the answer to a similar, previous question was that it isn't constant-time, thus making it unsuitable for such applications.
-
br-m<jpk68:matrix.org> Also, the fact that preimage resistance is important for password hashing (and isn't really something RandomX needs to have) could be concerning
-
br-m<jpk68:matrix.org> Argon2 is memory-hard anyways
-
tevador Correct. RandomX was not designed to be used with secret inputs.
-
br-m<samholmes:matrix.org> tevador: So given a hash there is a chance the pre-image can be reversed?
-
tevador It could be vulnerable to side channel attacks. For example, measuring how long it takes to calculate a hash can give some information about the input.
-
br-m<samholmes:matrix.org> Are side channel attacks the only concern here? What other considerations are there for KDFs?
-
br-m<samholmes:matrix.org> Also, the application I have in mind may not technically be a KDF. The concept is to derive a hash from some password/passphrase using n iterations of RandomX hashing where the delay is some significant amount of time (1 hour, 1 day, etc). This final hash is work done on the passphrase and can then be used to salt the pass [... too long, see mrelay.p2pool.observer/e/_PvaxYALRVp6dWZj ]