Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 18 Dec 2011 23:17:59 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Making a thread safe implementation of bitslice DES

On Sun, Dec 18, 2011 at 01:54:34PM -0500, Jordan Bradley wrote:
> I'm writing a multithreaded application (using pthreads) using OpenSSL's 
> DES_fcrypt function which does the job but is slow.

What are you doing this for?

> I'd like to use 
> JTR's bitslice implementation but it doesn't seem to be thread safe.

It is thread-safe (in 1.7.9) as long as each thread uses its own
instance of a DES_bs_combined structure.  This is what happens when
1.7.9 is built with OpenMP support, but you may as well use this with
explicit pthreads if you like.

Thread-safety generally has some performance cost, though.  This is why
when 1.7.9 is built without OpenMP support, it simply uses a static
instance of a DES_bs_combined structure, called DES_bs_all.  This avoids
the need for some pointer indirection.

There's also a DES_bs_all with OpenMP-enabled builds, but there
DES_bs_all is a C preprocessor macro that uses the global DES_bs_all_p
pointer and the local variable "t".  In your code, you may do it
similarly or differently.

> In the end I'd like it to be a drop-in replacement of DES_fcrypt()

This is impossible.  The whole point of doing a bitslice implementation
is that it will process multiple inputs in parallel and produce multiple
outputs.  This doesn't fit in the DES_fcrypt() interface.

Also, crypt(3) and DES_fcrypt() have some overhead to convert the ASCII
salt string to binary, to perform DES final permutation, and to encode
the resulting DES block with base-64 characters.  If you care about
performance, you'll want to avoid this kind of overhead, which implies
that you shouldn't use this interface.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.