Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 May 2015 14:27:47 +0300
From: Aleksey Cherepanov <>
Subject: Re: interleaving in SHA256 & SHA512

On Sat, May 23, 2015 at 10:55:38AM +0800, Lei Zhang wrote:
> I managed to add interleaving to SHA256 & SHA512, but the work is incomplete yet. When the interleaving factor is set other than 1, SHA256 works with a few formats, and SHA512 only works with sapH currently. Below are some statistics obtained from experimenting various interleaving factors:

I am trying interleave in john-devkit on raw-sha512 with sse.

x1 gives me
4852 asm instructions and
24424 bytes of code
Raw:	2244K c/s real, 2244K c/s virtual

11066 asm
54208 bytes of code
Raw:	1404K c/s real, 1407K c/s virtual

That's with fully unrolled main cycle and 16x unroll of setup W cycle
computing only one "int" (so the code ~5% smaller than usual). If I
don't unroll setup W cycle, then I get a bit better results:
9896 asm
45913 bytes of code
Raw:	1571K c/s real, 1571K c/s virtual

I count instructions and bytes of code with the following 2 commands:

objdump -d JohnTheRipper/src/rawSHA512_my_fmt_plug.o | sed -ne '/<crypt_all>/,/^$/ p' > asm && wc -l asm
perl -pe 's/[^\t]*\t//; s/\t.*//' asm | tail -n +2 | perl -pe 's/\s+//g' | perl -lne 'print(length($_) / 2, " bytes of code")'

It's on core i7 950, with 64kb L1 cache. So there should be only 32kb
of cache for code. So I guess I hit L1 code cache. It may be different
with sha256 that is smaller (64 rounds vs 80 rounds). I tried
different layouts of data. I may try to not unroll main cycle and use
higher interleave factor. So there may be a follow-up mail.


Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ