Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 28 Apr 2015 06:23:52 +0300
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] GSoC students accepted

Hi,

We ended up accepting as many as 7 students under GSoC this year:

https://www.google-melange.com/gsoc/org2/google/gsoc2015/openwall

This is our highest number so far (and quite a risk we're taking).

This number includes 5 students for Openwall's own tasks and 2 for
radare's.  Out of these 7 students, 5 (3 of Openwall's and both of
radare's) have already made substantial progress at their GSoC projects
(even though it's still 1 month until the official start coding date),
and the remaining 2 have demonstrated ability to work on their projects.
(We tend not to accept students based solely on proposals.)

Here's the radare folks' description of their two GSoC students'
qualification tasks (which, as I understand, are actually substantial
contributions):

http://radare.today/gsoc/

They are also still accepting applications for their own Radare Summer
of Code (until May 3):

http://rada.re/r/rsoc.html

Once again, their project ideas are here:

http://radare.org/gsoc/

The Openwall GSoC projects (and accepted students) are:

John the Ripper jumbo robustness improvements (Kai Zhao).  So far, Kai
has found some JtR jumbo bugs via fuzzing with afl, and contributed to
discussions on coding style.  Much more bug hunting and actual coding
style changes are planned.  We do not have a status summary page for
this project, but here's a sample john-dev posting (one of many) on some
of what's being done (in this case, on speeding up fuzzing):

http://www.openwall.com/lists/john-dev/2015/04/24/4

John the Ripper SIMD support enhancements (Lei Zhang).  So far, Lei got
JtR jumbo and LibreSSL to build for Xeon Phi (Knights Corner for now)
and pass all self-tests (298 of them in that build), including with MIC
intrinsics for many of the supported hash types.  At the same time, we
also introduced AVX2 intrinsics for whatever hash types used SSE*/AVX
before.  Further work in this area is planned, including performance
enhancements via interleaving of SIMD instructions from multiple hash
computations.  (We had this for SSE*/AVX before, and need to add and
tune it for AVX2 and MIC as well.)  If time permits, there's also a
research sub-project on bitslicing SHA-2, which might or might not
improve performance.  Here's a recent status update on the MIC work:

http://www.openwall.com/lists/john-dev/2015/04/23/6

John the Ripper support for PHC finalists (Agnieszka Bielec).  So far,
Agnieszka implemented one of 9 Password Hashing Competition finalists -
POMELO - into JtR, using the POMELO designer's code on CPU (including
generic, SSE2/AVX, and AVX2) and Agnieszka's own port to OpenCL (tested
with Intel's and AMD's OpenCL SDKs on CPU, and on an NVIDIA GPU and an
AMD GPU).  We also got some performance numbers for different "time
cost" and "memory cost" settings of POMELO on the different platforms.
These show POMELO perform well so far, not giving GPUs much or any
advantage even at low cost settings.  Further work includes experiments
with instruction interleaving on CPU, and obviously similar sort of work
on the remaining PHC finalists.  Here's a recent status report on POMELO
benchmarks, in a spreadsheet (we got to generate a PDF):

http://thread.gmane.org/gmane.comp.security.openwall.john.devel/11323/focus=11375
http://www.openwall.com/lists/john-dev/2015/04/25/3

Enhancing Johnny (Mathieu Laprise).  Johnny is our GUI for John the
Ripper.  We'd like to enhance it and make it better known.  So far,
Mathieu added support for translations, and lots of work is planned.
Johnny currently lives on our wiki, on GitHub, and in Kali Linux:

http://openwall.info/wiki/john/johnny
http://tools.kali.org/password-attacks/johnny
http://openwall.info/wiki/john/johnny-roadmap

yescrypt implementations (Taylor Hornby).  Taylor is to implement
yescrypt (our PHC finalist) in several programming languages beyond C,
mostly as a test for how implementable yescrypt is and how complex or
not those implementations end up looking.  Hopefully, Taylor will also
help write a self-contained specification of yescrypt, as opposed to the
current "diff from scrypt" specification.  Here's Taylor's related work:

https://github.com/defuse/password-hashing

On a related note, Taylor helped organize the Underhanded Crypto Contest
recently, which I submitted a (non-winning) entry to:

https://underhandedcrypto.com
https://underhandedcrypto.com/blog/

The four JtR-related GSoC projects will continue to be discussed on
john-dev, and for the yescrypt project we might reuse the crypt-dev
mailing list:

http://www.openwall.com/lists/

Finally, as I have listed our GSoC students, I need to give credit to
our GSoC mentors team too.  This year, the mentors for Openwall tasks in
GSoC are: Aleksey Cherepanov, Alexander Cherepanov, Lukas Odzioba,
magnum, Shinnok, and me.  BTW, two of the mentors - Aleksey Cherepanov
and Lukas Odzioba - were GSoC students with us in some prior years.

Stay tuned for a (hopefully) successful GSoC with us.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ