Date: Tue, 7 May 2013 1:45:24 -0400
From:  <>
Subject: Re: RE: Enhancements to pbkdf2-sha256

Here is an SSE2 build:

$ ../run/john -test=5 -form=aix-ssha
Benchmarking: aix-ssha, AIX LPA PBKDF2-HMAC-SHA-1 / SHA-2 [32/32]... DONE
Raw:    74061 c/s real, 74737 c/s virtual

Note, the algorithm has not been changed, and may be hard to get 'right', since this format shares common code and a single format structure for 3 distinct hashes (sha1, sha256 and sha512 pbkdf2). The timings posted in this email are 100% listing sha1 only.

The build right now will use my oSSL code for an 'any' build (or building on a non-intel system). The SSE build will get SSE for any sha1 or sha256 crypt, but fall back to oSSL for any sha512, since I have not gotten the SSE2 port of that algorithm done yet. I do have the SSE port in the pbkdf2_hmac_sha512.h file, but no underlying sse code yet, so it never compiles.

I will get the code into the bleeding tree shortly.

Not a bad improvement.  From 4.5k to 75k. 1600% improvement :)


---- jfoug <> wrote: 
> [was offlist]

> $ ../run/john -test=5 -form=aix-ssha
> Benchmarking: aix-ssha, AIX LPA PBKDF2-HMAC-SHA-1 / SHA-2 [32/32]... DONE
> Raw:    4629 c/s real, 4733 c/s virtual
> $ ../run/john -test=5 -form=aix-ssha
> Benchmarking: aix-ssha, AIX LPA PBKDF2-HMAC-SHA-1 / SHA-2 [32/32]... DONE
> Raw:    23831 c/s real, 24317 c/s virtual
> That is a 5x improvement, by simply not using the 'official/correct'
> PKCS5_PBKDF2_HMAC() function.  
> I 'should' have pbkdf2_hmac_sha512 working for oSSL, but I have not tried it
> yet.  It will not have working code for SSE2 (yet), since I have not ported
> that crypt into sse-intrinsics.c yet, but that is on my todo-soon list.
> Jim.
> -----Original Message-----
> From: magnum [] 
> Sent: Monday, May 06, 2013 19:22
> To:
> Subject: Re: Enhancements to pbkdf2-sha256
> aix-ssha has pbkdf2-hmac-sha1/256/512. That one would be great.
> magnum
> On 7 May, 2013, at 0:58 , wrote:
> > I have enhanced pbkdf2-sha256 to be 'like' the sha1 variant.
> > 
> > Includes:
> > 
> > 1. multiple hashes (so we can get 128 bytes of pbkdf2 hash if needed).
> > 2. the skip bytes interface (like in zip).
> > 3. PARA should work, when/if implemented, for sha256.
> > 
> > Are there any other hash types, that we should do CPU pbkdf2 for?  It
> > would be nice to have a consistent interface, where each type is simply a
> > single include, and then a 1 (or several) line call to the code, BUT where
> > it runs as fast as any 'hand' coded algo.  It would save 100 or many more
> > lines in each file, vs replicating that code everywhere.  Hell, look at
> > cash2.  I bet that is 400 or 500 lines of code, that could be replaced by 10
> > or so, with no loss of speed (and possibly an increase, since there are some
> > additional optimizations learned since I did that code).
> > 
> > Jim.<JtR-bleeding-pbkdf2-256-upgrade.patch>
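
Items 1 and 2 of the quoted list (output longer than one hash, and a skip-bytes offset) sketched in Python as an added example; it is not code from this thread or from John the Ripper. The function name and parameters are hypothetical, and reusing one keyed HMAC state across iterations is a standard PBKDF2 optimization assumed here, not something the thread states about the patch.

```python
import hashlib
import hmac
import struct

HLEN = 32  # SHA-256 digest size, i.e. the size of one PBKDF2 output block


def pbkdf2_sha256(password, salt, iterations, outlen, skip_bytes=0):
    """Return outlen bytes of PBKDF2-HMAC-SHA256 output, starting skip_bytes
    into the derived key. Hypothetical interface for illustration only.

    Only the blocks overlapping [skip_bytes, skip_bytes + outlen) are
    computed, so a caller that needs a few bytes deep in the stream does
    not pay for the earlier blocks.
    """
    # Key the HMAC once. Each PRF call below starts from a copy of this
    # state instead of re-processing the padded key on every iteration.
    keyed = hmac.new(password, digestmod=hashlib.sha256)

    def prf(msg):
        h = keyed.copy()
        h.update(msg)
        return h.digest()

    first = skip_bytes // HLEN + 1               # block indices are 1-based
    last = (skip_bytes + outlen - 1) // HLEN + 1
    out = bytearray()
    for i in range(first, last + 1):
        u = prf(salt + struct.pack(">I", i))     # U1 = PRF(P, S || INT(i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(u)                           # Uj = PRF(P, Uj-1)
            t ^= int.from_bytes(u, "big")        # T_i = U1 ^ U2 ^ ... ^ Uc
        out += t.to_bytes(HLEN, "big")
    start = skip_bytes % HLEN                    # offset inside first block
    return bytes(out[start:start + outlen])


if __name__ == "__main__":
    # Constructed sample input; compare against the library implementation.
    ref = hashlib.pbkdf2_hmac("sha256", b"password", b"salt", 100, 128)
    assert pbkdf2_sha256(b"password", b"salt", 100, 128) == ref
    assert pbkdf2_sha256(b"password", b"salt", 100, 20, 40) == ref[40:60]
    print("matches hashlib.pbkdf2_hmac")
```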
