Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 21 Jun 2015 14:09:47 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: cycle around crypt_all() body in raw-sha512

On Sat, May 23, 2015 at 06:45:11PM +0300, Aleksey Cherepanov wrote:
> On Sat, May 23, 2015 at 04:22:33PM +0300, Aleksey Cherepanov wrote:
> > On Sat, May 23, 2015 at 02:27:47PM +0300, Aleksey Cherepanov wrote:
> > > On Sat, May 23, 2015 at 10:55:38AM +0800, Lei Zhang wrote:
> > > > I managed to add interleaving to SHA256 & SHA512, but the work is incomplete yet. When the interleaving factor is set other than 1, SHA256 works with a few formats, and SHA512 only works with sapH currently. Below are some statistics obtained from experimenting various interleaving factors:
> > > 
> > > I am trying interleave in john-devkit on raw-sha512 with sse.
> 
> While interleave gives me slow downs, I tried to wrap crypt_all()'s
> body into a cycle.

I got much better results with raw-sha256 and raw-sha224:
~12% over current bleeding-jumbo with
- no functions in crypt_all()
- full unroll of main cycle and x16 unroll of setup of W
- sse code in crypt_all()
- early reject
- big cycle x20

Early reject: I compute only last word (1 of 8 words) and use it to
reject bad candidates in cmp_all(), then I compute hash from the very
beginning in cmp_one() using scalar code.

The results can be improved: it is possible to reverse several
instructions like final byteswap and addition of initial state.

Self tests of my raw-sha256 differ from original raw-sha256: there are
no cisco hashes. It might affect speeds. Though self tests of
raw-sha224 do not differ from john's self tests.

The benchmarks were done on core i7 950 with sse code on 1 core with
gcc 5.1. +12% is the difference between peak speeds. I get big
fluctuations between runs. I'll improve my benchmarking procedure
later. At PHDays V, I reported +20% for raw-sha224 and +22% for
raw-sha256. At the moment, it does not seem correct. That's sad.

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ