Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Sep 2015 03:40:41 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: reverse of full sha1 and sha256 limb when hash and block are
 known

On Thu, Sep 03, 2015 at 03:34:54AM +0300, Aleksey Cherepanov wrote:
> Easy practical application
> 
> Consider a hash sha256(sha256(...).sha256(...)), for instance
> sha256(sha256($p).sha256($s))
> 
> sha256($p).sha256($s) produces exactly 1 block of message, so the
> second block is 0x80, padding and constant length always. So we can
> reverse the second block and check intermediate state computing only 1
> limb instead of 2. That's up to 50% higher speed (considering that we

I meant 2x speed up. That's 100% higher speed. Sorry!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ