Date: Thu, 15 Mar 2012 00:34:16 +0200
From: Milen Rangelov <>
Subject: Re: RAR format finally proper

Thanks a lot for the link :)

Actually that's a lucky coincidence as I just got a Bulldozer CPU capable
of AES-NI yesterday :)

Haven't dug into the AES-NI part though; the first thing I did was the
optimized XOP codepaths.

Actually (I know that's off-topic) this CPU demonstrates some weird
behavior. With my SSE2 code, a 4-core Phenom II @3.2 GHz is almost as fast
as the 6-core FX-6100 @3.3 GHz. At first that seemed strange; then I
implemented the XOP codepaths for MD5/MD4/SHA1 and things look better
now: the _mm_roti_epi32/_mm_cmov_si128 optimizations led to a ~40%
improvement compared to the SSE2 code (still worse than what I expected
though). Same for SHA1 and MD4. Then came the DES stuff. I decided to test
Alexander's s-boxes.

Well, that was surprising. I used the ones for architectures supporting
bitselect instructions, which should have many fewer gates than the original
Matthew Kwan s-boxes I used until now. Yet I got the same speeds. hashkill
and jtr are similar in design as far as the bitslice DES part is concerned,
the biggest difference being the way keys are set up. I guess I'd spend
some more days investigating that before I continue with the AES-NI stuff for

On Tue, Mar 13, 2012 at 3:13 AM, magnum <> wrote:

> On 03/07/2012 11:37 PM, magnum wrote:
> > On 03/06/2012 08:11 AM, Milen Rangelov wrote:
> >> As per AES/OpenSSL, I read somewhere they implemented runtime AES-NI
> >> detection/use. Though I don't think this has made it into the Debian
> >> packages I use yet. It might improve things a lot.
> >
> > Yeah interesting, it can decrypt a byte in 2 cycles instead of 15... I
> > suppose you could try using the code supplied by Intel at the end of
> > this PDF: - it even mimics the
> > OpenSSL interfaces.
> It seems my standard Ubuntu OpenSSL 1.0.0e has AES-NI configured and
> enabled out of the box so maybe this is nothing to worry about? I'll
> benchmark it later on a CPU that actually supports it.
> Anyway here's a better "version" (the one above is source code in PDF
> form) of that Intel library, if we ever need one:
> magnum
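
The XOP-versus-SSE2 difference Milen describes, rotate and bit-select as single instructions versus three-instruction sequences, shown in working code as an added example (it is not hashkill, JtR or Intel code, nor anything posted in this thread). It is a four-lane MD5 of one padded block per lane, with the round primitives behind macros: built with -mxop on a CPU that has XOP it uses _mm_roti_epi32 and _mm_cmov_si128, on plain x86-64 it uses the SSE2 shift/shift/or and and/andnot/or emulation, and on any other target it falls back to a one-lane scalar build of the same code. Everything below the primitives is standard MD5; the lane layout, the under-56-byte single-block restriction and the function names are my own choices for the example, and the test strings are RFC 1321 vectors.

```c
/* Four-lane MD5 (one padded block per lane) built on the two primitives the
 * mail compares, 32-bit rotate and bit-select.  Added example, not hashkill or
 * JtR code.  -mxop takes the XOP path (_mm_roti_epi32 / _mm_cmov_si128, one
 * instruction each); plain x86-64 takes the SSE2 emulation; anything else a
 * one-lane scalar build of the same algorithm. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__SSE2__)
#include <x86intrin.h>
#define LANES 4
typedef __m128i v32;
#define V_SET1(c)      _mm_set1_epi32((int)(c))
#define V_ADD(a, b)    _mm_add_epi32(a, b)
#define V_XOR(a, b)    _mm_xor_si128(a, b)
#define V_OR(a, b)     _mm_or_si128(a, b)
#define V_NOT(a)       _mm_xor_si128(a, _mm_set1_epi32(-1))
#define V_LOAD(M, i)   _mm_set_epi32((int)(M)[3][i], (int)(M)[2][i], (int)(M)[1][i], (int)(M)[0][i])
#define V_STORE(p, v)  _mm_storeu_si128((__m128i *)(p), v)
# if defined(__XOP__)
#  define V_ROTL(x, n)   _mm_roti_epi32(x, n)     /* vprotd: one instruction */
#  define V_SEL(m, a, b) _mm_cmov_si128(a, b, m)  /* vpcmov: (m&a)|(~m&b)   */
# else                  /* SSE2: rotate = shift,shift,OR; select = AND,ANDNOT,OR */
#  define V_ROTL(x, n)   _mm_or_si128(_mm_slli_epi32(x, n), _mm_srli_epi32(x, 32 - (n)))
#  define V_SEL(m, a, b) _mm_or_si128(_mm_and_si128(m, a), _mm_andnot_si128(m, b))
# endif
#else                   /* scalar fallback: identical algorithm, one lane */
#define LANES 1
typedef uint32_t v32;
#define V_SET1(c)      ((uint32_t)(c))
#define V_ADD(a, b)    ((a) + (b))
#define V_XOR(a, b)    ((a) ^ (b))
#define V_OR(a, b)     ((a) | (b))
#define V_NOT(a)       (~(a))
#define V_LOAD(M, i)   ((M)[0][i])
#define V_STORE(p, v)  (*(p) = (v))
#define V_ROTL(x, n)   (((x) << (n)) | ((x) >> (32 - (n))))
#define V_SEL(m, a, b) (((m) & (a)) | (~(m) & (b)))
#endif
/* MD5 round functions: F and G are exactly the bit-select primitive. */
#define F(x, y, z) V_SEL(x, y, z)                 /* (x&y)|(~x&z) */
#define G(x, y, z) V_SEL(z, x, y)                 /* (x&z)|(y&~z) */
#define H(x, y, z) V_XOR(x, V_XOR(y, z))
#define I(x, y, z) V_XOR(y, V_OR(x, V_NOT(z)))
static const uint32_t K[64] = {                   /* standard MD5 constants */
  0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
  0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
  0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
  0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
  0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
  0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
  0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
  0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };
/* One MD5 step: a = b + rotl(a + FN(b,c,d) + K[i] + w[g], s); s is an immediate */
#define STEP(a, b, c, d, FN, i, g, s) \
    a = V_ADD(a, V_ADD(V_ADD(FN(b, c, d), V_SET1(K[i])), w[g])); a = V_ADD(b, V_ROTL(a, s))
/* Compress one 16-word block per lane; out[lane] receives {a,b,c,d}. */
static void md5_compress_lanes(uint32_t M[LANES][16], uint32_t out[LANES][4]) {
    v32 w[16], a, b, c, d;
    uint32_t la[LANES], lb[LANES], lc[LANES], ld[LANES];
    int i;
    for (i = 0; i < 16; i++) w[i] = V_LOAD(M, i);
    a = V_SET1(0x67452301); b = V_SET1(0xefcdab89); c = V_SET1(0x98badcfe); d = V_SET1(0x10325476);
    for (i = 0; i < 16; i += 4) { STEP(a,b,c,d,F,i,i,7); STEP(d,a,b,c,F,i+1,i+1,12);
                                  STEP(c,d,a,b,F,i+2,i+2,17); STEP(b,c,d,a,F,i+3,i+3,22); }
    for (i = 16; i < 32; i += 4) { STEP(a,b,c,d,G,i,(5*i+1)&15,5); STEP(d,a,b,c,G,i+1,(5*i+6)&15,9);
                                   STEP(c,d,a,b,G,i+2,(5*i+11)&15,14); STEP(b,c,d,a,G,i+3,(5*i+16)&15,20); }
    for (i = 32; i < 48; i += 4) { STEP(a,b,c,d,H,i,(3*i+5)&15,4); STEP(d,a,b,c,H,i+1,(3*i+8)&15,11);
                                   STEP(c,d,a,b,H,i+2,(3*i+11)&15,16); STEP(b,c,d,a,H,i+3,(3*i+14)&15,23); }
    for (i = 48; i < 64; i += 4) { STEP(a,b,c,d,I,i,(7*i)&15,6); STEP(d,a,b,c,I,i+1,(7*i+7)&15,10);
                                   STEP(c,d,a,b,I,i+2,(7*i+14)&15,15); STEP(b,c,d,a,I,i+3,(7*i+21)&15,21); }
    V_STORE(la, V_ADD(a, V_SET1(0x67452301))); V_STORE(lb, V_ADD(b, V_SET1(0xefcdab89)));
    V_STORE(lc, V_ADD(c, V_SET1(0x98badcfe))); V_STORE(ld, V_ADD(d, V_SET1(0x10325476)));
    for (i = 0; i < LANES; i++) { out[i][0] = la[i]; out[i][1] = lb[i]; out[i][2] = lc[i]; out[i][3] = ld[i]; }
}
/* Pad a message shorter than 56 bytes into one little-endian 16-word block. */
static void md5_pad_short(const char *msg, uint32_t M[16]) {
    uint8_t blk[64] = {0}; size_t n = strlen(msg);      /* caller keeps n < 56 */
    uint64_t bits = (uint64_t)n * 8; int i;
    memcpy(blk, msg, n); blk[n] = 0x80;
    for (i = 0; i < 8; i++) blk[56 + i] = (uint8_t)(bits >> (8 * i));
    for (i = 0; i < 16; i++)
        M[i] = (uint32_t)blk[4*i] | (uint32_t)blk[4*i+1] << 8 |
               (uint32_t)blk[4*i+2] << 16 | (uint32_t)blk[4*i+3] << 24;
}
/* Hash LANES short messages in one pass; hex[lane] receives that lane's digest. */
void md5_lanes_hex(const char *const msgs[LANES], char hex[LANES][33]) {
    uint32_t M[LANES][16], dg[LANES][4]; int l, i;
    for (l = 0; l < LANES; l++) md5_pad_short(msgs[l], M[l]);
    md5_compress_lanes(M, dg);
    for (l = 0; l < LANES; l++) for (i = 0; i < 16; i++)
        sprintf(hex[l] + 2 * i, "%02x", (dg[l][i / 4] >> (8 * (i % 4))) & 0xffu);
}
/* Same message in every lane; returns lane 0's hex digest from a static buffer. */
const char *md5_hex(const char *msg) {
    static char hex[LANES][33]; const char *msgs[LANES]; int l;
    for (l = 0; l < LANES; l++) msgs[l] = msg;
    md5_lanes_hex(msgs, hex);
    return hex[0];
}
```

The point of the macro layer is that the MD5 F and G functions are the bit-select primitive verbatim, so on XOP each costs one vpcmov where SSE2 spends three instructions, and each of the 64 rotates costs one vprotd instead of three; counting instructions per step that way explains why the gain stops well short of 3x, since the adds, loads and the H/I rounds are unchanged. Build with `gcc -O2 -msse2` for the SSE2 path, `gcc -O2 -mxop` on a Bulldozer-class CPU for the XOP path, and compare `objdump -d` output of md5_compress_lanes between the two to see the sequences collapse.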
