Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130503111825.GA12828@openwall.com>
Date: Fri, 3 May 2013 15:18:25 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: zip-opencl

Dhiru,

On Fri, May 03, 2013 at 03:17:17PM +0530, Dhiru Kholia wrote:
> On 05/03/13 at 07:47am, Solar Designer wrote:
> > While crypt_all() checks 2 bytes of PBKDF2 output only (and it can't
> > quickly check more), it computes the full PBKDF2 output right away.
> > cmp_exact() simply returns 1.  This means that we both incur the false
> > positives (and don't filter them out!) and incur the performance hit of
> > computing the full PBKDF2 output.  Instead, we should have the PBKDF2 on
> > GPU compute only the 160-bit portion of PBKDF2 output that contains the
> > required 2 bytes.  We'll compute the rest of PBKDF2 output on CPU in
> > cmp_exact() if necessary (usually it won't be)
> >
> > If I parse our test vectors right, it looks like for one of them we
> > currently compute 2x160-bit of PBKDF2 output and for the other 4x160-bit,
> > in both cases instead of just 1x160-bit that we actually have to compute.
> 
> This optimization is now implemented in the CPU "zip" format.

OK.  This has doubled the speed at --test.  Apparently, the second test
vector is not used during benchmarking because we have BENCHMARK_LENGTH
set to -1.  I think that's fine for this format.

> However, we would need to revert it in case we decide to implement
> decryption and decompression later on.

No, in that case we'd need to compute the rest of PBKDF2 output in
cmp_exact().  It's quite dumb to compute the full PBKDF2 output right
away simply because we need it once in 65536 passwords tested.

> I am guessing that we would need to do partial decryption and
> decompression to reduce / eliminate the false positives.
> 
> Jim and magnum seem to be the right guys for this ;)

Maybe, but if you work on it then you may learn something new. ;-)

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.