Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 04 Sep 2015 12:37:22 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: SHA-1 H()

On 2015-09-02 17:20, Solar Designer wrote:
> In simd-intrinsics.c we have:
>
> #if __XOP__
> #define SHA1_H(x,y,z)                               \
>      tmp[i] = vcmov((x[i]),(y[i]),(z[i]));           \
>      tmp[i] = vxor((tmp[i]),vandnot((x[i]),(y[i])));
> #else
> #define SHA1_H(x,y,z)                                       \
>      tmp[i] = vand((x[i]),(y[i]));                           \
>      tmp[i] = vor((tmp[i]),vand(vor((x[i]),(y[i])),(z[i])));
> #endif
>
> This is suboptimal in two ways:

TL;DR: The changes were good but made no big deal.

Pre and post 5916a57, here's Bull, OMP, complete list (of SHA formats 
that can run OMP):

$ ../run/relbench -v o2 n2 | grep Ratio | sort
Ratio:	0.95438 real, 0.95335 virtual	xsha, Mac OS X 10.4 - 10.6:Only one 
salt
Ratio:	0.96187 real, 0.96203 virtual	Raw-SHA512:Raw
Ratio:	0.98151 real, 0.98330 virtual	SSHA512, LDAP:Only one salt
Ratio:	0.98306 real, 0.99574 virtual	HMAC-SHA224:Many salts
Ratio:	0.98649 real, 0.98802 virtual	sapg, SAP CODVN F/G (PASSCODE):Many 
salts
Ratio:	0.98959 real, 0.99234 virtual	xsha512, Mac OS X 10.7:Only one salt
Ratio:	0.98996 real, 1.00000 virtual	Drupal7, $S$ (x16385):Raw

Manually re-testing Drupal7 (SHA-512) a couple of times shows it 
probably neither got a boost not a regression (or perhaps a very very 
slight boost: Same real speed, virtual boosted one (1) c/s - pretty much 
consistently).

Ratio:	0.99001 real, 0.99875 virtual	SybaseASE, Sybase ASE:Only one salt
Ratio:	0.99010 real, 0.99754 virtual	Blackberry-ES10 (101x):Raw
Ratio:	0.99010 real, 1.00000 virtual	Fortigate, FortiOS:Many salts
Ratio:	0.99050 real, 0.99650 virtual	LastPass, sniffed sessions:Only one 
salt
Ratio:	0.99055 real, 0.99534 virtual	LastPass, sniffed sessions:Many salts
Ratio:	0.99085 real, 1.00077 virtual	aix-ssha512, AIX LPA {ssha512}:Raw
Ratio:	0.99294 real, 0.99320 virtual	HMAC-SHA256:Many salts
Ratio:	0.99383 real, 0.99884 virtual	PBKDF2-HMAC-SHA256:Raw

Manually re-testing PBKDF2-HMAC-SHA256 a couple of times show neither 
boost nor regression.

Ratio:	0.99415 real, 0.99611 virtual	Blockchain, My Wallet (x10):Raw
Ratio:	0.99504 real, 0.99646 virtual	HMAC-SHA512:Only one salt
Ratio:	0.99594 real, 1.00429 virtual	Fortigate, FortiOS:Only one salt
Ratio:	0.99615 real, 0.99667 virtual	Raw-SHA512-ng:Raw
Ratio:	0.99617 real, 1.00486 virtual	Salted-SHA1:Only one salt
Ratio:	0.99625 real, 0.99634 virtual	xsha512, Mac OS X 10.7:Many salts
Ratio:	0.99913 real, 0.99918 virtual	SSHA512, LDAP:Many salts
Ratio:	1.00000 real, 0.97838 virtual	HMAC-SHA224:Only one salt
Ratio:	1.00000 real, 0.99748 virtual	RAR5:Raw
Ratio:	1.00000 real, 1.00000 virtual	aix-ssha256, AIX LPA {ssha256}:Raw
Ratio:	1.00000 real, 1.00000 virtual	HMAC-SHA512:Many salts
Ratio:	1.00000 real, 1.00000 virtual	keyring, GNOME Keyring:Raw
Ratio:	1.00000 real, 1.00000 virtual	mssql12, MS SQL 2012/2014:Many salts
Ratio:	1.00000 real, 1.00000 virtual	sha512crypt, crypt(3) $6$ 
(rounds=5000):Raw
Ratio:	1.00000 real, 1.00118 virtual	pwsafe, Password Safe:Raw
Ratio:	1.00000 real, 1.00142 virtual	PBKDF2-HMAC-SHA512, GRUB2 / OS X 
10.8+:Raw
Ratio:	1.00000 real, 1.00154 virtual	sha256crypt, crypt(3) $5$ 
(rounds=5000):Raw
Ratio:	1.00000 real, 1.00230 virtual	eCryptfs (65536x):Raw
Ratio:	1.00000 real, 1.00233 virtual	lp, LastPass offline:Raw
Ratio:	1.00000 real, 1.00233 virtual	rar, RAR3 (4 characters):Raw
Ratio:	1.00000 real, 1.00250 virtual	SybaseASE, Sybase ASE:Many salts
Ratio:	1.00143 real, 1.00143 virtual	tc_aes_xts, TrueCrypt AES256_XTS:Raw
Ratio:	1.00153 real, 1.00000 virtual	HMAC-SHA384:Many salts
Ratio:	1.00238 real, 1.00115 virtual	Raw-SHA256:Raw
Ratio:	1.00285 real, 0.99916 virtual	HMAC-SHA1:Only one salt
Ratio:	1.00286 real, 1.00286 virtual	tc_sha512, TrueCrypt AES256_XTS:Raw
Ratio:	1.00536 real, 1.01673 virtual	saph, SAP CODVN H (PWDSALTEDHASH) 
(SHA1x1024):Many salts
Ratio:	1.00539 real, 1.00566 virtual	Raw-SHA224:Raw
Ratio:	1.00587 real, 1.00583 virtual	Oracle12C:Raw
Ratio:	1.00897 real, 1.01051 virtual	RAKP, IPMI 2.0 RAKP (RMCP+):Only 
one salt
Ratio:	1.00931 real, 0.99772 virtual	7z, 7-Zip (512K iterations):Many salts
Ratio:	1.00965 real, 1.00000 virtual	Django (x10000):Raw
Ratio:	1.00981 real, 1.02342 virtual	keychain, Mac OS X Keychain:Raw
Ratio:	1.00996 real, 1.02035 virtual	mscash2, MS Cache Hash 2 (DCC2):Raw
Ratio:	1.00997 real, 0.99876 virtual	HMAC-SHA384:Only one salt
Ratio:	1.01000 real, 1.00000 virtual	Bitcoin:Raw
Ratio:	1.01001 real, 1.00000 virtual	Raw-SHA384:Raw
Ratio:	1.01005 real, 1.00457 virtual	HMAC-SHA256:Only one salt
Ratio:	1.01193 real, 1.01197 virtual	Salted-SHA1:Many salts
Ratio:	1.01314 real, 1.01314 virtual	Citrix_NS10, Netscaler 10:Many salts
Ratio:	1.01546 real, 1.01677 virtual	saph, SAP CODVN H (PWDSALTEDHASH) 
(SHA1x1024):Only one salt
Ratio:	1.01617 real, 1.01439 virtual	sha1crypt, NetBSD's sha1crypt:Raw
Ratio:	1.01626 real, 1.00000 virtual	cloudkeychain, 1Password Cloud 
Keychain:Raw
Ratio:	1.01628 real, 1.01764 virtual	xsha, Mac OS X 10.4 - 10.6:Many salts
Ratio:	1.01634 real, 1.01507 virtual	aix-ssha1, AIX LPA {ssha1}:Raw
Ratio:	1.01648 real, 1.01506 virtual	sxc, StarOffice .sxc:Raw
Ratio:	1.01661 real, 1.01036 virtual	sapg, SAP CODVN F/G (PASSCODE):Only 
one salt
Ratio:	1.01695 real, 1.02453 virtual	krb5-18, Kerberos 5 db etype 18:Raw
Ratio:	1.01699 real, 1.01871 virtual	krb5pa-sha1, Kerberos 5 AS-REQ 
Pre-Auth etype 17/18:Raw
Ratio:	1.01699 real, 1.02115 virtual	EFS:Raw
Ratio:	1.01818 real, 1.01938 virtual	STRIP, Password Manager:Raw
Ratio:	1.01858 real, 0.99275 virtual	7z, 7-Zip (512K iterations):Only 
one salt
Ratio:	1.01898 real, 1.02020 virtual	RAKP, IPMI 2.0 RAKP (RMCP+):Many salts
Ratio:	1.01924 real, 1.01681 virtual	dmg, Apple DMG:Raw
Ratio:	1.01924 real, 1.02404 virtual	OpenBSD-SoftRAID (8192 iterations):Raw
Ratio:	1.01935 real, 1.02062 virtual	EncFS:Raw
Ratio:	1.02013 real, 1.01613 virtual	LUKS:Raw
Ratio:	1.02058 real, 1.02058 virtual	ZIP, WinZip:Raw
Ratio:	1.02315 real, 1.02172 virtual	HMAC-SHA1:Many salts
Ratio:	1.02499 real, 1.02473 virtual	Office, 2007/2010/2013:Raw
Ratio:	1.02616 real, 1.02497 virtual	agilekeychain, 1Password Agile 
Keychain:Raw
Ratio:	1.02778 real, 1.02604 virtual	fde, Android FDE:Raw
Ratio:	1.03001 real, 1.01997 virtual	PBKDF2-HMAC-SHA1:Raw
Ratio:	1.03393 real, 1.03394 virtual	mssql12, MS SQL 2012/2014:Only one salt
Ratio:	1.03590 real, 1.03066 virtual	ODF:Raw
Ratio:	1.03826 real, 1.02821 virtual	Citrix_NS10, Netscaler 10:Only one salt
Ratio:	1.04312 real, 1.03429 virtual	wpapsk, WPA/WPA2 PSK:Raw

I think the summary makes very good sense in this case since only 
relevant formats were included:

Number of benchmarks:		82
Minimum:			0.95438 real, 0.95335 virtual
Maximum:			1.04312 real, 1.03429 virtual
Median:				1.00411 real, 1.00192 virtual
Median absolute deviation:	0.01072 real, 0.00599 virtual
Geometric mean:			1.00588 real, 1.00577 virtual
Geometric standard deviation:	1.01514 real, 1.01412 virtual

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ