Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Nov 2014 21:13:28 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Re: [PATCH] OpenBSD disk encryption

On 11/12/2014 08:42 PM, magnum wrote:
> Thanks! I'll accept it as-is but there seem to be room for improvement:
> For example, we have shared functions for PBKDF2-SHA1 using SSE2 and
> with some other optimizations, it may be 3-8 times faster (see
> pbkdf2-hmac-sha1_fmt_plug.c for example use). Also, just from a very
> quick look it appears to me you could use a normal binary instead of
> treating it as a "non-hash" but I may be wrong. And that will probably
> not matter unless you try to crack lots of hashes at once, which is
> probably not the normal use case.

Other possible adjustments:
-may be use base64 instead of hex encoding, now that Jim has spent so
much effort in improving base64 support (so that those extra long hashes
get a little bit shorter)
-add a benchmark comment mentioning the iteration count of the only self
test
-report iteration count as tunable cost

I am not suggesting that ThiƩbaud should implement all these changes.
We can do it after his patch has been applied.

Frank


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ