Date: Fri, 3 May 2013 13:59:09 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: pbkdf2_hmac_sha256 working with SSE

I just finished pbkdf2_hmac_sha256, and ported django, lastpass and lastpass_sniffed.

Benchmarking: Django PBKDF2-HMAC-SHA-256 (x10000) [32/32]... DONE
Raw: 121 c/s real, 121 c/s virtual

Benchmarking: LastPass offline PBKDF2 SHA1 [32/32]... DONE
Raw: 2415 c/s real, 2414 c/s virtual

Benchmarking: LastPass sniffed sessions PBKDF2-HMAC-SHA-256 AES [32/32]... DONE
Raw: 2423 c/s real, 2425 c/s virtual

Benchmarking: Django PBKDF2-HMAC-SHA-256 (x10000) [128/128 SSE2 intrinsics 4x]... DONE
Raw: 381 c/s real, 381 c/s virtual

Benchmarking: LastPass offline PBKDF2 SHA1 [128/128 SSE2 intrinsics 4x]... DONE
Raw: 7597 c/s real, 7596 c/s virtual

Benchmarking: LastPass sniffed sessions PBKDF2-HMAC-SHA-256 AES [128/128 SSE2 intrinsics 4x]... DONE
Raw: 7541 c/s real, 7541 c/s virtual

The way I wrote this, 'most' of the changes are simply loading arrays with multiple values, within the crypt_all function. The pbkdf2 works with the original password arrays, and writes to the original crypt 'FLAT' buffers, so that a format written in oSSL should be pretty trivial to change to SSE. All that is needed is a change of algorithm, a change of max keys (must be COEF), and then a block in crypt that matches the oSSL block, but that builds arrays to pass to the pbkdf2.

In django, there was a bug I had to find (in cmp_all). It only looked at 1 crypt, unless OMP was defined. That has to change to always look at count crypts.

I will get this wrapped up, and released soon (bleeding+).

I did have to change the interface to the SSESHA256body() function (I also changed the sha512 function even though it is just a stub right now). I had to separate the output and the reload buffers, as was done for SHA1.

I also had to make changes to sha2.h. I ripped out all of the header defines from sha2.h that were for jtr's sha2.c file. I put these into their own file. Then within sha2.h, I simply include that new header. This was done so that I can 'force' load the jtr sha2.c code, to be used within the pbkdf2_hmac_sha2.h sse function. I need to harvest off the SHA256 'state' after the first block. I guess I could have done the first half crypts in SSE2, but I thought that a little complex, but it may actually not have been a bad way to go. However, the code in the pbkdf2_hmac_sha256.h is working just fine.
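
Added example, not part of the original message and not John the Ripper code: a Python sketch of PBKDF2-HMAC-SHA256 that reuses the SHA256 state saved after the first block, assuming that block is the 64-byte HMAC key pad. hashlib's copy() stands in for saving the compression-function state, and all function names here are hypothetical.

```python
import hashlib
import struct

BLOCK = 64  # SHA-256 input block size in bytes


def hmac_midstates(key):
    """Hash the ipad and opad blocks once and return the two saved states."""
    if len(key) > BLOCK:                      # HMAC rule: long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key))
    outer = hashlib.sha256(bytes(b ^ 0x5C for b in key))
    return inner, outer


def hmac_from_midstates(inner, outer, msg):
    """Finish one HMAC from the saved states without re-hashing the key pads."""
    i = inner.copy()
    i.update(msg)
    o = outer.copy()
    o.update(i.digest())
    return o.digest()


def pbkdf2_sha256(password, salt, iterations, dklen=32):
    """PBKDF2 (RFC 8018) where every iteration starts from the two midstates."""
    inner, outer = hmac_midstates(password)   # paid once per candidate password
    out = b""
    index = 1
    while len(out) < dklen:
        u = hmac_from_midstates(inner, outer, salt + struct.pack(">I", index))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac_from_midstates(inner, outer, u)
            t ^= int.from_bytes(u, "big")      # T = U1 xor U2 xor ... xor Uc
        out += t.to_bytes(32, "big")
        index += 1
    return out[:dklen]


if __name__ == "__main__":
    # Constructed sample input; compare against the standard library's PBKDF2.
    dk = pbkdf2_sha256(b"password", b"salt", 1000)
    print(dk.hex(), dk == hashlib.pbkdf2_hmac("sha256", b"password", b"salt", 1000))
```

With the key pads pre-hashed, each iteration costs two SHA256 block computations instead of four, which is why the state has to be captured per candidate before the iteration loop.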