Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 29 Aug 2015 20:24:28 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: length based branching

On 2015-08-29 19:45, Aleksey Cherepanov wrote:
> Common case of data based branching is length based branching. I guess
> that some raw formats could get 10%+ speed up if they had a limit on
> length and threated part of message block as constants. Also we have
> some formats with length limits, most notable for me is raw-sha1-ng:
> length limit 15 but it gives 30% speed up.

Most of our SIMD formats has such a limit, for this reason. The natural 
limit for one block of MD4/MD5/SHA-1/SHA-256 is 55 bytes. SHA-1-ng's 
further limiting is another story: It's because set_key() uses SIMD to 
read the key. On AVX2 that limit of 15 is naturally bumped to 31 (more 
generally it's sizeof(vector) - 1, so on AVX-512 it's 63 and on AVX-1024 
and above it will bump into the global max. of 125).

> In case of raw-sha1, there is limit implied by algo: length <= 15 ->
> algo from raw-sha1-ng, otherwise -> algo from raw-sha1.

Not possible, for the reason I described. The algo is the same, it's 
set_key() that differs.

In a future version of JtR, I'd like length to be supplied as an 
argument to set_key(). In most (all?) cases, the mode did know the 
length anyway, and a range of optimizations would become possible.

> Also it would be nice to implement "fallbacks" in all algorithms with
> small limit on length. (Length limits of dynamics were raised.) Or at
> least, warn when algorithm does not support desired length (it is
> needed to distinguish truncating formats and just not working
> formats).

Very few of our formats have a really limiting length as far as I'm 
aware, but our md5crypt format has. It should have a fallback to scalar 
multi-block code. Or even better, it should just be improved to handle 
longer; our sha2crypt formats handles much longer (it sorts the keys).

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ