Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 7 Mar 2011 14:10:47 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Re: md5_gen, proposed functionality

>-----Original Message-----
>From: magnum [mailto:rawsmooth@...dband.net]
>I think there should be just one unicode mode, but that mode should

Ok, I have added these flags:  
  MGF_KEYS_UNICODE_B4_CRYPT and MGF_SALT_UNICODE_B4_CRYPT

and these functions:
  MD5GenBaseFunc__setmode_unicode
  MD5GenBaseFunc__setmode_normal

The flag MGF_KEYS_UNICODE_B4_CRYPT is a modifier for the 'existing'
optimization flags of MGF_KEYS_CRYPT_IN2, MGF_KEYS_BASE16_IN1,
MGF_KEYS_BASE16_IN1_Offset32, MGF_KEYS_BASE16_X86_IN1 and
MGF_KEYS_BASE16_X86_IN1_Offset32.  It can NOT be used with flag
MGF_KEYS_INPUT.  What this flag does is to Unicode convert of keys which are
'preloaded' and crypted.  The flag MGF_SALT_UNICODE_B4_CRYPT modifies
behavior of the MGF_SALT_AS_HEX flag (and the new MGF_SALT_AS_HEX_TO_SALT2).
The formats I show, will use these flags to be faster.  

The 2 new functions simply turn on, and turn off Unicode conversion.  These
functions have Unicode conversion built in:

MD5GenBaseFunc__append_keys, MD5GenBaseFunc__append_keys2,
MD5GenBaseFunc__append_salt, MD5GenBaseFunc__append_salt2,
MD5GenBaseFunc__overwrite_salt_to_input1_no_size_fix,
MD5GenBaseFunc__overwrite_salt_to_input2_no_size_fix,
MD5GenBaseFunc__append_2nd_salt, MD5GenBaseFunc__append_2nd_salt2,
MD5GenBaseFunc__append_userid, MD5GenBaseFunc__append_userid2,
MD5GenBaseFunc__append_input1_from_CONST1  (and ALL other const append
functions)

All of these functions will 'honor' either normal, or Unicode mode.

Here is an example format (done in 2 ways)  The made up format is:  
md5($s.md5(unicode($p)))

[List.Generic:md5_gen(1054)]
Expression=md5_gen(1054): md5($s.md5(unicode($p)))
Flag=MGF_SALTED
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__setmode_unicode
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__setmode_normal
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1054)2e233d5102d2be03307ec5490075121d$aabbccdd:test1
Test=md5_gen(1054)0474efd4022743c1113636fc1f34d88a$zzyyxxww:test3
Test=md5_gen(1054)e3ab32d7db8521616781f13919bb17bc$01234567:ThisisWorking

[List.Generic:md5_gen(1055)]
Expression=md5_gen(1055): md5($s.md5(unicode($p)))
Flag=MGF_SALTED
Flag=MGF_KEYS_UNICODE_B4_CRYPT
Flag=MGF_KEYS_CRYPT_IN2
Func=MD5GenBaseFunc__setmode_normal
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__append_from_last_output2_to_input1_as_base16
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1054)2e233d5102d2be03307ec5490075121d$aabbccdd:test1
Test=md5_gen(1054)0474efd4022743c1113636fc1f34d88a$zzyyxxww:test3
Test=md5_gen(1054)e3ab32d7db8521616781f13919bb17bc$01234567:ThisisWorking

The difference in the formats, is that 1055 has the MGF_KEYS_CRYPT_IN2
optimization flag.  Because the md5($p) is actually md5(Unicode($p)), we
also added the MGF_KEYS_UNICODE_B4_CRYPT, so that the code preloading the
crypt does it after a Unicode convert.

Here are the benchmarks for the 2 formats (note the 'many crypts' speed, and
why we want the optimization)

Benchmarking: md5_gen(1054) md5_gen(1054): md5($s.md5(unicode($p))) SSE2
[SSE2 32x4 (.S)]... DONE
Many salts:     5005K c/s
Only one salt:  4195K c/s

Benchmarking: md5_gen(1055) md5_gen(1055): md5($s.md5(unicode($p))) SSE2
[SSE2 32x4 (.S)]... DONE
Many salts:     9276K c/s
Only one salt:  4169K c/s


The reason for the MGF_SALT_AS_HEX_UNICODE_FIRST flag, would be to handle
things like:

md5(unicode($p).md5(unicode($s)))    In this case, we would want to do the
md5(unicode($s)) when we load the file.  Then we simply keep the base-16
hashes as the 'values' for the salts.  This will keep runtime from having to
md5 the salts, in other words a 2x speed optimization for the format.

[List.Generic:md5_gen(1056)]
Expression=md5_gen(1056): md5(unicode($p).md5(unicode($s)))
Flag=MGF_SALTED
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__setmode_unicode
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__setmode_normal
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1056)34ba9cf3d8f61e6eb21942feb1164261$aabbccdd:test1

[List.Generic:md5_gen(1057)]
Expression=md5_gen(1057): md5(unicode($p).md5(unicode($s)))
Flag=MGF_SALTED
Flag=MGF_SALT_UNICODE_B4_CRYPT
Flag=MGF_SALT_AS_HEX
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__setmode_unicode
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__setmode_normal
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1057)34ba9cf3d8f61e6eb21942feb1164261$aabbccdd:test1

Speeds are:

Benchmarking: md5_gen(1056) md5_gen(1056): md5(unicode($p).md5(unicode($s)))
SSE2 [SSE2 32x4 (.S)]... DONE
Many salts:     4772K c/s
Only one salt:  4153K c/s

Benchmarking: md5_gen(1057) md5_gen(1057): md5(unicode($p).md5(unicode($s)))
SSE2 [SSE2 32x4 (.S)]... DONE
Many salts:     6334K c/s
Only one salt:  5422K c/s

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ