Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110427012512.GA12668@openwall.com>
Date: Wed, 27 Apr 2011 05:25:12 +0400
From: Solar Designer <solar@...nwall.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: Bcrypt functionalities implementation in hardware

On Tue, Apr 26, 2011 at 04:50:03PM -0300, Yuri Gonzaga wrote:
> Alexander talked about implementing only the inner loop of bcrypt or the
> 2^cost loop.

It should be the latter.

> (From
> http://www.usenix.org/events/usenix99/provos/provos_html/node5.html#SECTION00050000000000000000
> )
> 
> bcrypt(cost, salt, key)
> >    state <- EksBlowfishSetup(cost, salt, key)
> >    ctext <- "OrpheanBeholderScryDoubt"
> > *   repeat(64)
> > **      ctext <- EncryptECB(state, ctext)
> > *   return Concatenate(cost, salt, ctext)
> 
> 
> Is this (in bold) the inner loop?

No.  This is a cheap loop that may be implemented in software.  The one
we need to implement in hardware is in EksBlowfishSetup().

> (From
> http://www.usenix.org/events/usenix99/provos/provos_html/node4.html#SECTION00040000000000000000
> )
> 
> EksBlowfishSetup(cost, salt, key)
> >    state <- InitState()
> >    state <- ExpandKey(state, salt, key)
> >  *  repeat(2^cost)
> > **      state <- ExpandKey(state, 0, salt)
> > **      state <- ExpandKey(state, 0, key)
> > *   return state
> 
> 
> Is this the other one?

Yes, this is the only one to implement in hardware.

I am sorry that I confusingly used different words in the IM
conversation we had.  I only meant one loop.

> So, Should the other pieces of code implemented in software?

Yes, provided that sending a little over 4 KB of data to/from FPGA is no
problem - e.g., it might be problematic over your JTAG/USB adapter
cable, but it should be no problem over USB 2.0 or PCIe.

Since we'll need interfacing from C code, I suggest that you pick my
crypt_blowfish package:

http://www.openwall.com/crypt/

or JtR's BF_std.c (force it to the simpler BF_X2=0 and BF_mt=1 case) and
replace the loop with a call into the FPGA interface.  You don't need to
implement the rest of bcrypt in C on your own - the existing code should
work.

In BF_std.c, the loop to replace is:

		count = salt[4];
		do {
...
		} while (--count);

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.