Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Aug 2012 02:06:23 -0400 (EDT)
Subject: RE: SRP

Here is a version (same as last, still 'battlenet' SRP), which can be 
compiled with no flags, and builds with oSSL's BN, or you can add 
-DHAVE_GMP to the CFLAGS, and add -lgmp to the LDFLAGS (and of course 
have libgmp installed), and it will build either way.

Here are the timings on my 32 bit Athlon:

$ ../run/john -test=5 -form=wowsrp
Benchmarking: WoW (Battlenet) SRP sha1 [32/32 GMP-exp]... DONE
Raw:    21765 c/s real, 21768 c/s virtual

$ ../run/john -test=5 -form=wowsrp
Benchmarking: WoW (Battlenet) SRP sha1 [32/32 oSSL-exp]... DONE
Raw:    16973 c/s real, 16973 c/s virtual

So oSSL was not 'too' bad here, but it is pretty recent version.

$ openssl
OpenSSL> version
OpenSSL 1.0.1c 10 May 2012

The oSSL was pretty darn easy to code to, for this trivial task. 
However, I have read several bug reports of some older versions and 
their BN_mod_exp* functions.  Note, many of the error reports were not 
using a prime number for the mod (we do here).  I think oSSL is mostly 
targeting prime modulus, since that is what is used in encryption.  The 
SRP prototype here, does use a prime.

There are a couple of spurious warnings when building with oSSL.  I am 
not overly worried about them, since this really still is just POC.

I probably should dig into the RFC solar posted, along with comparing 
SRP against the native oSSL version.


On Tue, Aug 14, 2012 at 10:54 PM, jfoug wrote:

>> From: Solar Designer []
>> Rather than have jumbo depend on GMP, maybe this format should be 
>> made
>> non-plug and the GMP dependency made optional then (HAVE_GMP).
> We need to explore oSSL and its speed, and also it's availability.
> If it is there, but slower, then we have it in by default, and 
> implement a
> 'HAVE_GMP', that will add the -lgmp to LDLFAGS and change the code 
> used in
> the format.  I have a feeling GMP will be faster than oSSL, at least 
> older
> oSSL, but I 'could' be wrong.  Torbjorn codes some pretty good stuff, 
> for a
> general purpose math lib.
> Jim.

View attachment "wow_srp_fmt_plug.c" of type "text/plain" (10467 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.