Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2012 00:42:02 +0100
From: magnum <>
Subject: Re: Re: minor optimisation in raw-sha1-ng

On 12 Dec, 2012, at 0:31 , Tavis Ormandy <> wrote:
> I had read the slides, but it hadn't occurred to me that the same
> trick might apply to W[4..11], which are always fixed in raw-sha1-ng.

In your case they are not only fixed, but also always zero. Maybe this makes for even more possible optimisations? Although it will be optimisations of the outer loop.

We do some always-zero-optimisations (but to much less extent than Atom's findings) in some OpenCL kernels, for example office2007 (in "SHA1_SHORT"). I assume you already do something similar.


> I'll think about it tonight, if that works I'll definitely implement
> it. Thanks for the hint!
> He doesn't mention it in the slides, but I guess if the first word is
> fixed you only have to compute 74 rounds in the common case, because
> you can precompute the R1 state (along with early exit at R75), that
> must be another 1% :-)
> Tavis.
> On 11 December 2012 12:09, Tavis Ormandy <> wrote:
>> Hey magnum, a colleague pointed out an obvious optimisation I was
>> missing. It's very minor but obviously correct, I sent you a pull
>> request.
> -- 
> -------------------------------------
> | pgp encrypted mail preferred
> -------------------------------------------------------

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.