Date: Tue, 5 Apr 2011 07:09:53 +0400
From: Solar Designer <solar@...nwall.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: Answering and asking some of the first questions

On Mon, Apr 04, 2011 at 09:19:18PM -0300, Yuri Gonzaga wrote:
> Although I don't know if I am able to finish this in the next 2 weeks, I accept
> the qualification task. I want to try!

Great!

> Last few days, I have analyzed the bcrypt details. I could understand its
> idea and what the problems related to its hardware implementation are.
> First, it is impractical to implement fully pipelined, mainly due to the
> EskBlowFishSetup() during calls to ExpandKey() as each input depends on the
> last execution.
> So, the implementation has to be sequential. As you said, only one bcrypt
> core will be slower than software approaches.

With pipelining, you would have different candidate passwords tested in
different pipeline stages, which would avoid data dependencies.
However, I guess this is in fact impractical for Blowfish, because you
need to maintain separate 4 Kbyte large S-boxes for each candidate
password being tested at a time, which is probably what you'd spend most
logic on.

> Starting by now, I will code this in SystemVerilog and compile/synthesize to
> Altera's FPGA. Then, I will try to interface with JtR.

Sounds fine. I'd prefer that you have a functioning but slow
implementation sooner rather than an optimized one later. So please
switch to work on interfacing with JtR as soon as you have an initial
implementation in the FPGA working, even if slowly.

> About the GSoC real task: Apparently, the scrypt is harder than bcrypt
> against hardware attacks. So, how could we take advantage of a hardware
> implementation?
> What is the difference in crypt(3) that you want to introduce?

I've just addressed this in a separate message.

Thanks,

Alexander